General

  • Target

    6ff6285a107defe8e63b09aa0440c965f591571651f07b639d483be6c44d9310

  • Size

    550KB

  • Sample

    241122-a5la2axjck

  • MD5

    c32d5571a620b5b9776dfb56b072cc0a

  • SHA1

    3c4125d93582364ccd6760fd8e5dccf08c4096d9

  • SHA256

    6ff6285a107defe8e63b09aa0440c965f591571651f07b639d483be6c44d9310

  • SHA512

    5625756c14065840b1758471cfc8657013700c9405367169d046b8229f321771d159ef1ee083cd03232e9d615ce1e573b18279bc413830b0e073cdda7f1f14e0

  • SSDEEP

    12288:Ty90yA3oGzqR431ZETeb8IOSFNmQTY+b+GC:TyVa1N3FNHb+GC

Malware Config

Targets

    • Target

      6ff6285a107defe8e63b09aa0440c965f591571651f07b639d483be6c44d9310

    • Size

      550KB

    • MD5

      c32d5571a620b5b9776dfb56b072cc0a

    • SHA1

      3c4125d93582364ccd6760fd8e5dccf08c4096d9

    • SHA256

      6ff6285a107defe8e63b09aa0440c965f591571651f07b639d483be6c44d9310

    • SHA512

      5625756c14065840b1758471cfc8657013700c9405367169d046b8229f321771d159ef1ee083cd03232e9d615ce1e573b18279bc413830b0e073cdda7f1f14e0

    • SSDEEP

      12288:Ty90yA3oGzqR431ZETeb8IOSFNmQTY+b+GC:TyVa1N3FNHb+GC

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
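Two of the behaviours listed above, tampering with Windows Defender Real-time Protection settings and adding a Run key, leave traces in the registry that a responder can check on a suspected host or in a collected registry export. The following is an added example and is not part of the sandbox report or of the Healer or RedLine code: it parses a Windows .reg export, reports which Real-Time Protection policy values are set to 1, and lists Run-key entries whose command points at a user-writable staging folder. The Defender policy value names are the documented policy names for that key and are an assumption here, since the report does not say which values this sample changed; the .reg text and the staging-folder heuristic are constructed for the example.

```python
"""Triage a Windows .reg export for Defender Real-time Protection tampering
and Run-key persistence. Added example; the export below is constructed."""
import re
from typing import Dict, List, Tuple

# Documented Defender policy values under this key; a value of 1 switches off
# that part of the real-time engine. Assumption: the report does not list which
# of these the analysed sample actually set.
RTP_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RUN_KEYS = {
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}

# Constructed .reg export (reg export output format); paths are illustrative.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe /background"
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\upd.exe"
'''


def parse_reg(text: str) -> Dict[str, Dict[str, Tuple[str, str]]]:
    """Return {key_path: {value_name: (kind, data)}} from a .reg export.
    Handles REG_SZ ("...") and dword: values, which is all the checks need."""
    keys: Dict[str, Dict[str, Tuple[str, str]]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = re.match(r'^"((?:[^"\\]|\\.)*)"=(.*)$', line)
        if not m or current is None:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith("dword:"):
            keys[current][name] = ("dword", data[len("dword:"):])
        elif data.startswith('"') and data.endswith('"'):
            # .reg escapes backslashes and quotes inside REG_SZ data
            inner = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
            keys[current][name] = ("sz", inner)
        else:
            keys[current][name] = ("other", data)
    return keys


def defender_rtp_disabled(keys: Dict[str, Dict[str, Tuple[str, str]]]) -> List[str]:
    """Names of Real-Time Protection policy values set to 1 (sorted)."""
    hits = []
    for path, values in keys.items():
        if path.lower() != RTP_KEY.lower():
            continue
        for name, (kind, data) in values.items():
            if name in RTP_DISABLE_VALUES and kind == "dword" and int(data, 16) == 1:
                hits.append(name)
    return sorted(hits)


def suspicious_run_entries(keys: Dict[str, Dict[str, Tuple[str, str]]]) -> List[Tuple[str, str]]:
    """Run-key entries whose command lives in a user-writable staging folder.
    Heuristic (assumption): Temp, Downloads and Public are common drop sites."""
    staging = ("\\appdata\\local\\temp\\", "\\downloads\\", "\\users\\public\\", "%temp%")
    run_keys = {k.lower() for k in RUN_KEYS}
    hits = []
    for path, values in keys.items():
        if path.lower() not in run_keys:
            continue
        for name, (kind, data) in values.items():
            if kind == "sz" and any(s in data.lower() for s in staging):
                hits.append((name, data))
    return hits


def triage(text: str) -> dict:
    """Run both checks over one .reg export."""
    keys = parse_reg(text)
    return {
        "defender_rtp_disabled": defender_rtp_disabled(keys),
        "suspicious_run_entries": suspicious_run_entries(keys),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_REG).items():
        print(check, result)
```

On a live host the same export is produced with `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection" rtp.reg` and the corresponding Run keys; a clean host normally has no Real-Time Protection policy key at all, so any of those values being present is itself worth a look, not only a value of 1.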

MITRE ATT&CK Enterprise v15

Tasks