General

  • Target

    1ed876fda9d7d885fb74dab9ee5d87c665f19411e9e08b2aea526d95dfffc8b3

  • Size

    488KB

  • Sample

    241112-y184asyres

  • MD5

    aab2500b583817775490d153cb26fcfc

  • SHA1

    e83f18f484744fce38d7ae0eb9d477c9b67dd833

  • SHA256

    1ed876fda9d7d885fb74dab9ee5d87c665f19411e9e08b2aea526d95dfffc8b3

  • SHA512

    1e34c3fc3f7ea0313c1b884fa4c5e0de260e6bfd596c1198735c905d5ec2b75742aafdd791c3b02d9817a7da7e1606a35e01b9af8eede8626c1cc9de22b76df8

  • SSDEEP

    12288:3y90LyKZqLtD1Ii0EaR06wvPiLEzywA83:3yzh1IilViLsyS

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks