General

  • Target

    1e57cfeaea92753cb87b3198d7cda296c3300b538be39337b6c3e4751a650e60

  • Size

    409KB

  • Sample

    241113-y3fvjayflj

  • MD5

    fc6576cf0563b2246a91e805aea35663

  • SHA1

    a2c7f00b59fdeb30234a439a6759c7139d283931

  • SHA256

    1e57cfeaea92753cb87b3198d7cda296c3300b538be39337b6c3e4751a650e60

  • SHA512

    6abd67304a1b7ab71f96dfb948b3db65db853c3a9365b571d80bc467147784ab64ff682a8a098062198a61d2b0207abdee2e5acd81c816b512b8edc06fc2f7ab

  • SSDEEP

    6144:LFQp0yN90QEOlo6/TSfWAelK5I1VzKpfsvLIzzb5hMa266+8g56:3y90uefB5I1Vzm0vsznMPK6

Malware Config

Targets

    • Target

      1e57cfeaea92753cb87b3198d7cda296c3300b538be39337b6c3e4751a650e60

    • Size

      409KB

    • MD5

      fc6576cf0563b2246a91e805aea35663

    • SHA1

      a2c7f00b59fdeb30234a439a6759c7139d283931

    • SHA256

      1e57cfeaea92753cb87b3198d7cda296c3300b538be39337b6c3e4751a650e60

    • SHA512

      6abd67304a1b7ab71f96dfb948b3db65db853c3a9365b571d80bc467147784ab64ff682a8a098062198a61d2b0207abdee2e5acd81c816b512b8edc06fc2f7ab

    • SSDEEP

      6144:LFQp0yN90QEOlo6/TSfWAelK5I1VzKpfsvLIzzb5hMa266+8g56:3y90uefB5I1Vzm0vsznMPK6

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
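
The three behavioural signatures above (Defender real-time protection tampering, Run-key persistence, execution of a dropped EXE) map directly onto Sysmon registry, file-create and process-create events. The Python below is an added example of detection logic for those behaviours; it is not part of the sandbox report and not code from the sample. The event records and file paths are constructed for illustration (the sample's actual paths and value names are not shown on this page); the registry key patterns and the Sysmon "DWORD (0x...)" Details format are real.

```python
"""Detection logic for the sandbox signatures above, run over constructed
Sysmon-style events (dicts with the Sysmon field names):
  EID 11 FileCreate   -> remember files a process wrote
  EID 1  ProcessCreate-> alert if the Image was written earlier in the trace
  EID 13 Value Set    -> alert on Defender real-time-protection tampering
                         and on Run/RunOnce persistence
"""
import re

# Defender real-time-protection values an attacker flips to 1 (DWORD) under
# HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
# (or the non-policy key). Compared case-insensitively: the registry is.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
DEFENDER_RTP_KEY = re.compile(
    r"\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE,
)


def detect(events):
    """Return (signature, detail) hits in event order."""
    hits = []
    dropped = set()  # lower-cased paths written by any process in this trace
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            if ev["Image"].lower() in dropped:
                hits.append(("Executes dropped EXE", ev["Image"]))
        elif eid == 13:
            target = ev["TargetObject"]
            m = DEFENDER_RTP_KEY.search(target)
            # Sysmon renders DWORD data as "DWORD (0x00000001)"; only a
            # non-zero value disables protection, so a reset to 0 is ignored.
            if (m and m.group("value").lower() in DEFENDER_RTP_VALUES
                    and ev["Details"].startswith("DWORD (0x")
                    and ev["Details"] != "DWORD (0x00000000)"):
                hits.append(("Modifies Windows Defender Real-time Protection settings", target))
                continue
            m = RUN_KEY.search(target)
            if m:
                hits.append(("Adds Run key to start application",
                             f"{m.group('value')} = {ev['Details']}"))
    return hits


# Constructed events (hypothetical paths), ordered as a dropper run would emit them.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    # Benign: protection re-enabled (value reset to 0) must not alert.
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # A process not dropped in this trace is not an "Executes dropped EXE" hit.
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
]

if __name__ == "__main__":
    for sig, detail in detect(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

The "Executes dropped EXE" rule only fires for an image that was written earlier in the same trace, so it needs the file-create events to be collected alongside process creation; on a live host the same three checks can be run against Sysmon's operational log, and the Defender policy key is worth auditing directly whenever this family is suspected.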

MITRE ATT&CK Enterprise v15

Tasks