General

  • Target

    c6accd741fa754e3077978bafd17632cdd72ef59dfa449773e691462ec2127e1

  • Size

    457KB

  • Sample

    241117-k3m2yswfmg

  • MD5

    d31f011cb411dbb99b9057c1603492c2

  • SHA1

    bbf801711931e760ae0d093a43cce2d87da37b1f

  • SHA256

    c6accd741fa754e3077978bafd17632cdd72ef59dfa449773e691462ec2127e1

  • SHA512

    274675a4177ee3dd072cdd72091d5142b765e9b07da2db29142b938f595ab6e4651c7f761aac06e1bb8fcc26092f0ce390da8f20335c8a2e923dde5b582551ec

  • SSDEEP

    12288:wy90Xk3cvhFvSrh0566elZ4FNPORUhFTSv:wyZSvUHSNPoUhFSv

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
