General

  • Target

    aeee07dabcf50b875f47c26ac69763fed1965be37ff41d1e9b349e0f20ad3959

  • Size

    376KB

  • Sample

    241109-fjkp9syall

  • MD5

    ba3d74c42959d489251aada83018136e

  • SHA1

    8c6719106826445c47ba6f6eb0911fd4c2044862

  • SHA256

    aeee07dabcf50b875f47c26ac69763fed1965be37ff41d1e9b349e0f20ad3959

  • SHA512

    7939faec0ae00dfd5439c4465fd77b4e22fd6457a9614d3ec753c4b703222a8aab53a22e4280d5d1e2859623f5ff782113fcb0d29d07d42e4c64d2f3a725e6eb

  • SSDEEP

    6144:Key+bnr+hp0yN90QExlO0EWKcUXRQ77AkTDJb7Htkuvo1YmFLW:2MrVy90vlvEWghMAkTDBHtkuvIpFLW

Targets

    • Target

      aeee07dabcf50b875f47c26ac69763fed1965be37ff41d1e9b349e0f20ad3959

    • Size

      376KB

    • MD5

      ba3d74c42959d489251aada83018136e

    • SHA1

      8c6719106826445c47ba6f6eb0911fd4c2044862

    • SHA256

      aeee07dabcf50b875f47c26ac69763fed1965be37ff41d1e9b349e0f20ad3959

    • SHA512

      7939faec0ae00dfd5439c4465fd77b4e22fd6457a9614d3ec753c4b703222a8aab53a22e4280d5d1e2859623f5ff782113fcb0d29d07d42e4c64d2f3a725e6eb

    • SSDEEP

      6144:Key+bnr+hp0yN90QExlO0EWKcUXRQ77AkTDJb7Htkuvo1YmFLW:2MrVy90vlvEWghMAkTDBHtkuvIpFLW

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
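
Two of the signatures above, the Windows Defender Real-time Protection modification and the Run key, are registry writes that can be hunted for on an endpoint. The script below is an added example, not part of this report or of any sandbox tooling. It runs over a constructed set of Sysmon Event ID 13 (registry value set) records, where the field names follow the Sysmon schema but the image paths, key names and values are made up, and tags each record with the behaviour it matches. The set of Defender value names it checks is an assumption about what a disabler typically touches, not something this report states.

```python
"""Flag registry writes matching two behaviours named in the report:
Windows Defender Real-time Protection tampering and Run-key persistence.

Added example; the events are constructed, not taken from the sandbox run.
"""
import re

# Defender Real-time Protection values an AV disabler commonly sets to 1.
# Matches both the product key and the Policies key, case-insensitively.
# The list of value names is an assumption, not from the report.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableScanOnRealtimeEnable|"
    r"DisableIOAVProtection)$",
    re.IGNORECASE,
)

# Any value written under the per-user or machine Run / RunOnce keys.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)


def _dword_value(details):
    """Sysmon renders DWORD data as 'DWORD (0x00000001)'; return the int, else None."""
    m = re.match(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details)
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return the behaviour tags for one registry value-set event."""
    tags = []
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    # Only a write that actually disables protection (value 1) is interesting;
    # Defender itself writes 0 to these values when it re-enables protection.
    if DEFENDER_RTP_RE.search(target) and _dword_value(details) == 1:
        tags.append("defender_realtime_protection_disabled")
    if RUN_KEY_RE.search(target):
        tags.append("run_key_persistence")
    return tags


def triage(events):
    """Group flagged events by writing process: {image: [(tag, target), ...]}."""
    findings = {}
    for ev in events:
        for tag in classify(ev):
            findings.setdefault(ev["Image"], []).append((tag, ev["TargetObject"]))
    return findings


# Constructed sample events (hypothetical paths and values).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Roaming\payload.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\payload.exe"},
    # Benign: Defender re-enabling protection (value 0) and an unrelated
    # Explorer setting; neither should be flagged.
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(image)
        for tag, target in hits:
            print(f"  {tag}: {target}")
```

On real data the input would be Event ID 13 records pulled from the Microsoft-Windows-Sysmon/Operational log; the value check on the Defender keys is what keeps Defender's own writes of 0 out of the findings.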

MITRE ATT&CK Enterprise v15
