General

  • Target

    4f0d6306a319b2af56e25f39efe0eeff10279aa09fd5d535b37797c2febc7224.exe

  • Size

    568KB

  • Sample

    241126-n24vvszmfs

  • MD5

    4f48c5070bf9c3709ec8a1abd2ae8b5b

  • SHA1

    c333b2796807cb4b4e8555479a5e90de68f93d9a

  • SHA256

    4f0d6306a319b2af56e25f39efe0eeff10279aa09fd5d535b37797c2febc7224

  • SHA512

    6d4666dc9d4a1cb922b1346a7d7ed81ff062aa03e502a4c341d890a208a25d2feaed5ae4869be6b6caa21af0ad9657b45445c580550bffb1f7c8fbe713e763d7

  • SSDEEP

    12288:Fy90UnVGLhZktvpwmsQpU0jyo3o3YwC6VW6vMF9qobO4Z:Fyjq+vmmsQG073o3xyI2zK4Z

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
