General

  • Target

    8cf789c998abd5d05a87efd6c0aa4c4d6fe294bc1547d3ec20d77b6c83a5878f

  • Size

    697KB

  • Sample

    241109-ejv1kaxbrg

  • MD5

    8257ca0a6b8b14a4afa6969d1be82242

  • SHA1

    5e8234f1818eb70fab059bcd869b9d62be1e35e6

  • SHA256

    8cf789c998abd5d05a87efd6c0aa4c4d6fe294bc1547d3ec20d77b6c83a5878f

  • SHA512

    f49642dda621e11ec79d561332ffe33df133bf196846fc87197897ae86dc0841329fbdc4585b8434a0a9705a1ac04cfb140f56ad27e8b9ebe08c218def12a1e2

  • SSDEEP

    12288:Zy90T9YHVOGsrqDJnYA//FevAjPejVoVwzxmsofBPkUSwdCVK175bggxmX:ZyoKVO1+ZWjCVtsofdkPwAIVbJxq

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks