General

  • Target

    1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb

  • Size

    553KB

  • Sample

    241112-yxrpvatkhn

  • MD5

    b6482f0cd1137f11f5d0e44361d364be

  • SHA1

    d80cabdbc739221c6efea3eb519d34f1655c14d8

  • SHA256

    1c3edad9349c2d0ca2e05428f15369c8f1007148ba12f53a3f022a62d49863fb

  • SHA512

    75fcfeaa7b1b7f3b3b6c2062d9f891d967c84730c0558d17a22db9163d958b5947fbd0ea8a7df0922a0553b4a36b01c66147dbc9152559ba9d4082bf51bb5c5c

  • SSDEEP

    12288:cy90OmwQzXDtXiFEIk1VkFPsl+yPSJ9MSTdnvtmZ03IAEo8R:cyGbDUEI6CEl+Ss9MOvq6hC

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks