General

  • Target

    7f8701f44dc8effaef97b5dc6015ba67cabb9b728ab793ec019e92e6d8eaf8fd

  • Size

    563KB

  • Sample

    241111-mywveayckj

  • MD5

    5758d387855253e4cc923bb633bae8e9

  • SHA1

    607f1b7f817da28d09bb0db63140776c3d116c2a

  • SHA256

    7f8701f44dc8effaef97b5dc6015ba67cabb9b728ab793ec019e92e6d8eaf8fd

  • SHA512

    df091a14f2133a78cce6a410c95d58850c3549055f36a967bea10e51d8c8bc0696fe76b96ad9b7c0cb17e22022e7d19c243b2e16d9023f41b85897709e2a8cb5

  • SSDEEP

    12288:0y90ORDrOD42U853BPITGfjL6uqMKzb0rgZ9mmo8u1O:0ypE4ypITGf36XHDmm3uI

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
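The signatures above flag two host-level behaviours a responder would want to confirm on a suspect machine: tampering with Windows Defender real-time protection and persistence through a Run key. The following PowerShell is an added example written for this page, not part of the sandbox report or the sample's own code. It assumes the standard Defender Real-Time Protection policy values (DisableRealtimeMonitoring and friends) and the usual HKLM/HKCU Run and RunOnce keys; the report does not list which specific registry writes this sample performs, so treat those value names as the places to look rather than as confirmed IOCs. The SHA256 comparison uses the hash the report lists for this sample.

```powershell
# Added example (not from the report): check a host for the two behaviours the
# signatures describe. Run in an elevated PowerShell session on the suspect machine.

# Assumption: Defender honours these policy values under Real-Time Protection;
# a value of 1 disables the corresponding feature.
$rtpPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = @(
    'DisableRealtimeMonitoring',
    'DisableBehaviorMonitoring',
    'DisableOnAccessProtection',
    'DisableScanOnRealtimeEnable',
    'DisableIOAVProtection'
)

function Get-DefenderRtpTampering {
    $findings = @()
    if (Test-Path $rtpPolicyKey) {
        $props = Get-ItemProperty -Path $rtpPolicyKey
        foreach ($name in $rtpValues) {
            $val = $props.PSObject.Properties[$name]
            if ($null -ne $val -and $val.Value -eq 1) {
                $findings += [pscustomobject]@{ Source = $rtpPolicyKey; Name = $name; Value = $val.Value }
            }
        }
    }
    # Cross-check the live service state; Get-MpComputerStatus needs the Defender module.
    $status = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($status -and -not $status.RealTimeProtectionEnabled) {
        $findings += [pscustomobject]@{ Source = 'Get-MpComputerStatus'; Name = 'RealTimeProtectionEnabled'; Value = $false }
    }
    return $findings
}

function Get-RunKeyEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/etc.; those are not Run entries.
            if ($p.Name -like 'PS*') { continue }
            # Strip surrounding quotes and trailing arguments to isolate the executable path.
            $exe = ($p.Value -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
            $hash = $null
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
            }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value; Path = $exe; SHA256 = $hash }
        }
    }
}

# SHA256 of the sample as listed in the report.
$knownBad = '7f8701f44dc8effaef97b5dc6015ba67cabb9b728ab793ec019e92e6d8eaf8fd'

'--- Defender real-time protection tampering ---'
Get-DefenderRtpTampering | Format-Table -AutoSize

'--- Run key entries (hash match, or executable under a user profile, is suspicious) ---'
Get-RunKeyEntries |
    Where-Object { $_.SHA256 -eq $knownBad -or $_.Path -like '*\AppData\*' } |
    Format-Table -AutoSize
```

The user-profile heuristic (`*\AppData\*`) is an assumption of this example, not something the report states; legitimate software also starts from there, so treat a hit as a lead to triage rather than a verdict. A hash match against the listed SHA256, on the other hand, is direct confirmation that this sample has been written to the Run key.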

MITRE ATT&CK Enterprise v15

Tasks