General

  • Target

    323f9e8d96eccac2090c122ee78ec1215d1f657ecef98dde4a54476f9921d96f

  • Size

    914KB

  • Sample

    241113-zs4z2sygmh

  • MD5

    e7cba55693c8ab23f83ece5d944b367d

  • SHA1

    bad25ba8f270984864b98411ea411f8dddbd9271

  • SHA256

    323f9e8d96eccac2090c122ee78ec1215d1f657ecef98dde4a54476f9921d96f

  • SHA512

    1f148478a15754cc99a21c899cccd0197ee0e4696be855e9e1794fede28cea6eac1c77e42c67e8c629f7905efe5bc7843457e29e4e3927a59ccbd871a51f5cb3

  • SSDEEP

    12288:2MrWy90tU4ny/VdG1fy6uvqSFBb7oKMqTaQoAJo2m7cWAHyRod3yGDmjynUXzKf4:IymiTG14vqQcfA9vWmyRa3ygIekae

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks