General

  • Target

    189c7eefab7ce0eb6c46397e8dc1c027ac26787339fa8c2583a9f11dd2c042ef

  • Size

    1.1MB

  • Sample

    241111-hjxe6svgqf

  • MD5

    1de5705e3bbc894d0066581b07bc9275

  • SHA1

    98164d7c6d360d17b17ef2f69cc30377031b2dba

  • SHA256

    189c7eefab7ce0eb6c46397e8dc1c027ac26787339fa8c2583a9f11dd2c042ef

  • SHA512

    c19850cd43701b9ebb6262c6d51c9117d45a78f2a51d2148870667d2d5ef7a90369b9fe7b1b249189c803ec60c2e40cda1fb5e1121f6279ab767fb586e016185

  • SSDEEP

    24576:oywlIIRrkvR5d+BgQautHRumSGtul3GidEyz:v73d+BgQaYxe+uFnr

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks