General

  • Target

    112e6c09c66e8abd5159211f5496e7dad4469e07393acafd88e75b0ddd999b1a

  • Size

    468KB

  • Sample

    241113-yhsctsxndy

  • MD5

    42fc9be6e545d3027ff455a6151ee15f

  • SHA1

    138c286580187081e53e79d246384443c41ee67c

  • SHA256

    112e6c09c66e8abd5159211f5496e7dad4469e07393acafd88e75b0ddd999b1a

  • SHA512

    d08e38309732c530313c5a52e76b24498a8c05485b135909bbbfdd6b4178ef29414e182d76b2cde8ad07dac992b43cfacc39fd0f9038da721f9163639db37c53

  • SSDEEP

    6144:rjp0yN90QEuLD+i2cWt3P/fgtGk88bpJrY3Px1mzvg7qBrfzWlRfUjM3+ZxD9MXd:Cy90kHFCfs2//HYBrfzWlM4exMZP

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
