General

  • Target

    3b6ced0fd1be61b13724c7a5df5246f93477c9bfd69893d12f63cdde5cc35d2e.exe

  • Size

    415KB

  • Sample

    241113-rfvlvaspcs

  • MD5

    4444646224a2df061bd97d68a61a1561

  • SHA1

    f5c916f89d449b2d8ef1c903e15d9c394987cb9f

  • SHA256

    3b6ced0fd1be61b13724c7a5df5246f93477c9bfd69893d12f63cdde5cc35d2e

  • SHA512

    208577a5f587bb958c2b7ab49a811860120884d3ae9cd52f9209af131f44464cf2b7b68b2900035e98e2cae1fee16759ea28d974193e1ab3dcdce0e04f641b7d

  • SSDEEP

    6144:lep0yN90QEW+10YgISOSpUaFfiQqdrnmkY8c0pG711ZQEDMnKcF/L1Md:Vy90x1n+pUaFQdrnJY8c08TZQQ0/L1Md

Malware Config

Targets

    • Target

      3b6ced0fd1be61b13724c7a5df5246f93477c9bfd69893d12f63cdde5cc35d2e.exe

    • Size

      415KB

    • MD5

      4444646224a2df061bd97d68a61a1561

    • SHA1

      f5c916f89d449b2d8ef1c903e15d9c394987cb9f

    • SHA256

      3b6ced0fd1be61b13724c7a5df5246f93477c9bfd69893d12f63cdde5cc35d2e

    • SHA512

      208577a5f587bb958c2b7ab49a811860120884d3ae9cd52f9209af131f44464cf2b7b68b2900035e98e2cae1fee16759ea28d974193e1ab3dcdce0e04f641b7d

    • SSDEEP

      6144:lep0yN90QEW+10YgISOSpUaFfiQqdrnmkY8c0pG711ZQEDMnKcF/L1Md:Vy90x1n+pUaFQdrnJY8c08TZQQ0/L1Md

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks