General

  • Target

    0a588fc3c51a7d91017f8fa10170b192a80b940b9329040edd5857714f91b08f

  • Size

    416KB

  • Sample

    241112-x7r8pazbpq

  • MD5

    648522c41ba11ff30e54d985f0944224

  • SHA1

    d897ffd5989460aab76b9879813b92fe93f3a670

  • SHA256

    0a588fc3c51a7d91017f8fa10170b192a80b940b9329040edd5857714f91b08f

  • SHA512

    ab93c2898d382ffdf8e63d3df24e1e62965852867183f43913dd576f1e9d557563905963378f0ee135c5bcfbccbf9ddeee2db32cc844ceef83ba3a54699b50ff

  • SSDEEP

    6144:KVy+bnr+fp0yN90QEJMfXKEebv2rP62eIRydh91zTvMoMtVdvShJt0+J:rMrry90UCDbvy6+Ryd5fvMPtVdwt0y

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks