General

  • Target

    dd90b88c523ae9eec6f01b9cb38eabeb6f7880125e60e78e999e729b8e4f96b4

  • Size

    624KB

  • Sample

    241117-lyjpeawpdx

  • MD5

    e1ea14c15c69bdd8b3d82e2e228713ac

  • SHA1

    0428efeef8b4b377064334b80193ec8391b4d59a

  • SHA256

    dd90b88c523ae9eec6f01b9cb38eabeb6f7880125e60e78e999e729b8e4f96b4

  • SHA512

    722e15c61d2181652880ae03cb2b7af30a1950ce7813b80f302df1ff8d3aa866a5ec67879632c45a72a5eff9dfc8882038b862822894c146f5a4589e1a449239

  • SSDEEP

    12288:Gy90xiAY4ewLIAKY82YKqT4hiuLGz/p9xQJStJ3cAcW4lx3/bMVy:GyIiLtwg3hTQRO/4St5cNlNbSy

Malware Config

Targets

    • Target

      dd90b88c523ae9eec6f01b9cb38eabeb6f7880125e60e78e999e729b8e4f96b4

    • Size

      624KB

    • MD5

      e1ea14c15c69bdd8b3d82e2e228713ac

    • SHA1

      0428efeef8b4b377064334b80193ec8391b4d59a

    • SHA256

      dd90b88c523ae9eec6f01b9cb38eabeb6f7880125e60e78e999e729b8e4f96b4

    • SHA512

      722e15c61d2181652880ae03cb2b7af30a1950ce7813b80f302df1ff8d3aa866a5ec67879632c45a72a5eff9dfc8882038b862822894c146f5a4589e1a449239

    • SSDEEP

      12288:Gy90xiAY4ewLIAKY82YKqT4hiuLGz/p9xQJStJ3cAcW4lx3/bMVy:GyIiLtwg3hTQRO/4St5cNlNbSy

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks