General

  • Target

    d8c38826be6ea3179d94d909d17cc3130ec4d730b4f2b2fe47c8e42f251e9658

  • Size

    541KB

  • Sample

    241122-fata2szrdn

  • MD5

    0a30f6fdad52b3ef1c6f33311898889e

  • SHA1

    9cf8161834200d5974c2d0d7201d89fed82c19d2

  • SHA256

    d8c38826be6ea3179d94d909d17cc3130ec4d730b4f2b2fe47c8e42f251e9658

  • SHA512

    c89a9dc27f0cc1de6cc4d040872c4e42a22c6e34ee02b978d0dee67a6a5aa107706763c28ae8ae81bbe7154c38d755bccfeec670b8d6fc718ab9d7f37c697acd

  • SSDEEP

    12288:Jy90NRPYVspZpty0ofFEFHQxQz7DtWEEHQy:JyyRQWtclWNAHQy

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks