General

  • Target

    2a57e9f62ece12954e9fccc3f501ae1dbda331e87edb86c263176f95fb3d78aeN

  • Size

    406KB

  • Sample

    241112-xtjdmayhjr

  • MD5

    22e85c60dd7a206cbe844364f79769c0

  • SHA1

    eae116c335702967eafcf331ccea7663156a859e

  • SHA256

    2a57e9f62ece12954e9fccc3f501ae1dbda331e87edb86c263176f95fb3d78ae

  • SHA512

    093911a6fb1c1dbe9838c50b5a446be99679843cbfb25ad32938034b3532cfeead1af9c52ae1dc0fc8de6883187b7c307fcdd4b53914275b6ade134d9b96cfc6

  • SSDEEP

    6144:0Ep0yN90QE3ZPnKYzzz+V5WF6tICW3d5u2VGyGcURe2Bi2c9Sv54zbYce:ey90dZ1zzIWIq3d3y09SvHce

Malware Config

Targets

    • Target

      2a57e9f62ece12954e9fccc3f501ae1dbda331e87edb86c263176f95fb3d78aeN

    • Size

      406KB

    • MD5

      22e85c60dd7a206cbe844364f79769c0

    • SHA1

      eae116c335702967eafcf331ccea7663156a859e

    • SHA256

      2a57e9f62ece12954e9fccc3f501ae1dbda331e87edb86c263176f95fb3d78ae

    • SHA512

      093911a6fb1c1dbe9838c50b5a446be99679843cbfb25ad32938034b3532cfeead1af9c52ae1dc0fc8de6883187b7c307fcdd4b53914275b6ade134d9b96cfc6

    • SSDEEP

      6144:0Ep0yN90QE3ZPnKYzzz+V5WF6tICW3d5u2VGyGcURe2Bi2c9Sv54zbYce:ey90dZ1zzIWIq3d3y09SvHce

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
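The two behaviour signatures above that map to host telemetry are the Windows Defender Real-time Protection change and the Run key addition. The following detection helper is an added example, not part of the sandbox report or of the Healer/RedLine analysis: it runs over Sysmon-style registry value-set events (Event ID 13) and flags a Defender Real-Time Protection policy value being set to 1 or a new value under a Run/RunOnce key. The event records are constructed for the example; the Defender policy key and the `Disable*` value names come from the documented Defender policy locations and are an assumption about which values this sample touches, since the report does not list them.

```python
"""Registry telemetry checks for the two signatures listed above.

Added example; not code from the sandbox report. Input is a list of
Sysmon Event ID 13 (RegistryEvent: value set) records, reduced to the
fields the checks need. The SAMPLE_EVENTS below are constructed.
"""
import re

# Defender Real-time Protection policy key; a DWORD of 1 in any of these
# values turns the corresponding protection off (assumed set of values).
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}

# Machine-wide and per-user autostart keys as Sysmon renders them.
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKU\\[^\\]+|HKCU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)


def parse_registry_path(target_object):
    """Split a Sysmon TargetObject into (key_path, value_name)."""
    key, _, value = target_object.rpartition("\\")
    return key, value


def classify_event(event):
    """Return finding strings for one Event ID 13 record, or [] if nothing matched."""
    findings = []
    if event.get("EventID") != 13:
        return findings
    key, value = parse_registry_path(event["TargetObject"])
    details = event.get("Details", "")

    # Signature 1: Defender Real-time Protection switched off via policy.
    if key.lower() == DEFENDER_RTP_KEY.lower() and value in DEFENDER_RTP_DISABLE_VALUES:
        # Sysmon renders DWORD data as "DWORD (0x00000001)"; only a 1 disables.
        m = re.search(r"0x([0-9a-fA-F]+)", details)
        if m and int(m.group(1), 16) == 1:
            findings.append(f"defender_rtp_disabled:{value} by {event['Image']}")

    # Signature 2: new autostart entry under a Run/RunOnce key.
    if RUN_KEY_RE.match(key):
        findings.append(f"run_key_persistence:{value} -> {details} by {event['Image']}")
    return findings


def scan(events):
    """Run every record through classify_event and collect all findings."""
    return [f for ev in events for f in classify_event(ev)]


# Constructed events: two Defender policy writes and one Run key write by
# dropped executables, plus two benign records that must not be flagged.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\1.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\1.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\2.exe",
     "TargetObject": r"HKU\S-1-5-21-1234-5678-9012-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\svc\updater.exe"},
    # Re-enabling real-time protection (value 0) is not a finding.
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Unrelated Explorer setting under CurrentVersion, not a Run key.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The value check on the Defender key matters: the same TargetObject is written when an administrator re-enables protection (value 0), so a rule on the path alone would fire on remediation as well as on the dropper. The Run key match deliberately covers the HKU\<SID> form, which is how Sysmon reports a per-user Run key write made under a different security context than the reporting process.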

MITRE ATT&CK Enterprise v15

Tasks