General

  • Target

    37705424bc03dddbc62324bdfa7ca32cb08d38c93612aeb066032bc5db4d8832

  • Size

    702KB

  • Sample

    241111-hf9w4avdlq

  • MD5

    4ca26f9578dbf44f8cf0a57c96aff965

  • SHA1

    3698bcfa27c6743c5083125b150c9b2bb90a3078

  • SHA256

    37705424bc03dddbc62324bdfa7ca32cb08d38c93612aeb066032bc5db4d8832

  • SHA512

    8d9c5a33a9089b546dcc8cfe4728430aa39e373c46caea734bad657eca5f5691d0685bbc87699fe0c04662074826037751137ab7d950401a4b7804f6db43fe31

  • SSDEEP

    12288:ny90ConflxpbsgHSUbNXkVinNE8sphcoAFfn1BBudGJweSBlIQBIJ:nyCflxxDb688M9La7Rw

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks