General

  • Target

    7a33ae5a53405997e8284a9d140db8a91fb0d65541323b92d68f149d229b8884

  • Size

    566KB

  • Sample

    241111-hnfm8aylfk

  • MD5

    76cc5bcb3a567676b8b35afae9ca540d

  • SHA1

    365d63f6a85234551b9c39e51cd30ce08255d52d

  • SHA256

    7a33ae5a53405997e8284a9d140db8a91fb0d65541323b92d68f149d229b8884

  • SHA512

    16a94559e0737a37ffab4f8b98290f7fdbfc28df81113deda2eccb3de6a81a24d2dcd38c6c9bfb16a72a23b5788837b2cce6dfb9271f28fc823fd4898ecf0d4b

  • SSDEEP

    12288:by9063cGXPbEpW6Idw3ooe/PRy+ow4SYuT:byNc6PopW/YHeE+bD3

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks