General

  • Target

    c6cc56aa8b44da0bfcb03bfc237e238aaa694e1ddca560d94c5430b0c3bc8320

  • Size

    376KB

  • Sample

    241111-hjvlksvdqk

  • MD5

    226ebef289d183a186a2dcdaff6d9f10

  • SHA1

    8f6779fce4c761ad3ffb02107a61b205f3505cd3

  • SHA256

    c6cc56aa8b44da0bfcb03bfc237e238aaa694e1ddca560d94c5430b0c3bc8320

  • SHA512

    e13bba9acf435644b89c12e55784dd02e86fb23a9b33d5e0ebecfc5f26c2511202f46cbaa4f2c1337fb5b72d32315f97644ff1f22309f0baf883302a912e0c27

  • SSDEEP

    6144:KIy+bnr+Vp0yN90QEq9eQQAZtRYQsZA1CgFrHWYyjcMni8wi36xz1/krc7An60Ib:YMr9y90kVGTgtWdirF1/wPnnIb

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15