General

  • Target

    4f7441df9e3ed28811914e4b41dd124f9effd8f9caba190ed7e8a1dd34f9e7c3

  • Size

    690KB

  • Sample

    241111-hpr3msylgq

  • MD5

    1ff58e7dca01b61354749d536409e62c

  • SHA1

    8e91157354d2542906611179bbd5a03b789ab586

  • SHA256

    4f7441df9e3ed28811914e4b41dd124f9effd8f9caba190ed7e8a1dd34f9e7c3

  • SHA512

    eb9427ef72202b7e19e849226c2a8cd2f452ae62d41a9972fb97e634ab88c0c8b4500d2d2a98674054ebfed40483938579d9f8ffdf8834e046c687fcd02afab5

  • SSDEEP

    12288:iy90Fch38SE7zdT4hakjFX0Rn7NQpvNXCl0O4W2zmXNv76Oear:iyVhMSQGLjFX6OXCn2ziNThr

Targets

    • Target

      4f7441df9e3ed28811914e4b41dd124f9effd8f9caba190ed7e8a1dd34f9e7c3

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
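
    The following Python is an added worked example, not part of the sandbox report or of any tool it references. It does two things a responder would do with this page: check whether a file on hand is the reported sample by comparing all four digests listed above, and run the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" signatures over registry-write telemetry. The registry paths, the Defender policy value names and the Sysmon Event ID 13 field layout are assumptions about how those behaviours appear in logs; the report does not state which keys or values the sample touched, and the event records below are constructed, not taken from the sandbox run.

```python
"""Hash-IOC matching and registry-event checks for the Healer / RedLine report.

Added example. The hash IOCs are copied from the report; the registry paths,
Defender policy value names and Sysmon EID 13 (RegistryEvent: value set) field
names are assumptions, and SAMPLE_EVENTS is constructed test data.
"""
import hashlib
import re
from typing import List, Optional, Tuple

# Digests of the reported sample, copied from the report's General section.
REPORT_IOCS = {
    "md5": "1ff58e7dca01b61354749d536409e62c",
    "sha1": "8e91157354d2542906611179bbd5a03b789ab586",
    "sha256": "4f7441df9e3ed28811914e4b41dd124f9effd8f9caba190ed7e8a1dd34f9e7c3",
    "sha512": "eb9427ef72202b7e19e849226c2a8cd2f452ae62d41a9972fb97e634ab88c0c8"
              "b4500d2d2a98674054ebfed40483938579d9f8ffdf8834e046c687fcd02afab5",
}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 hex digests of a byte string (a file read in 'rb' mode)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_IOCS}


def matches_report_sample(data: bytes) -> bool:
    """True only if all four digests agree with the report.

    Checking every algorithm costs one extra pass over the file and means that a
    lone MD5 or SHA1 collision cannot produce a false identification.
    """
    digests = file_hashes(data)
    return all(digests[alg] == REPORT_IOCS[alg] for alg in REPORT_IOCS)


# Assumed location of the Defender real-time protection policy values. Setting any
# of these DWORDs to a non-zero value disables that protection component.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring", "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable", "DisableIOAVProtection",
}
# Per-user (HKU\<SID>\...) and machine-wide Run / RunOnce keys. Sysmon records the
# user hive as HKU\<SID>, so the pattern deliberately ignores the hive prefix.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
                        re.IGNORECASE)


def _is_nonzero(details: str) -> bool:
    """Sysmon renders DWORDs as 'DWORD (0x00000001)'; anything unparseable is treated as set."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    if m:
        return int(m.group(1), 16) != 0
    return details.strip() not in ("", "0")


def classify_registry_event(target_object: str, details: str) -> Optional[str]:
    """Map one registry value-set event to a report signature name, or None."""
    key, _, value_name = target_object.rpartition("\\")
    if (key.lower() == DEFENDER_RTP_KEY.lower()
            and value_name in DEFENDER_RTP_DISABLE_VALUES
            and _is_nonzero(details)):
        return "Modifies Windows Defender Real-time Protection settings"
    if RUN_KEY_RE.search(target_object):
        return "Adds Run key to start application"
    return None


def scan_events(events: List[dict]) -> List[Tuple[str, str]]:
    """Return (Image, signature) for every event that triggers a signature, in log order."""
    hits = []
    for ev in events:
        sig = classify_registry_event(ev["TargetObject"], ev.get("Details", ""))
        if sig:
            hits.append((ev["Image"], sig))
    return hits


# Constructed Sysmon EID 13 records (not from the sandbox run).
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\user\AppData\Local\Temp\healer.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # An admin re-enabling protection writes 0 to the same value: must not fire.
    {"Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"Image": r"C:\Users\user\AppData\Local\Temp\stealer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-222222222-333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\MaxCacheTtl",
     "Details": "DWORD (0x00015180)"},
]

if __name__ == "__main__":
    for image, sig in scan_events(SAMPLE_EVENTS):
        print(f"{sig}: {image}")
```

    Run against real data, replace SAMPLE_EVENTS with events parsed from the Sysmon operational log and feed matches_report_sample() the bytes of any dropped executable found on the host; a match on all four digests is the same file the report describes, while a hash mismatch on a file that still triggers both registry signatures is worth treating as a new build of the same family rather than a clean result.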

MITRE ATT&CK Enterprise v15
