General

  • Target

    d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795

  • Size

    558KB

  • Sample

    241109-gnh8nsyhkl

  • MD5

    131f3f5892bf506879c0cd9e3bc2803e

  • SHA1

    f919d0f90554f3b866a2b823c719fe95ec1748fa

  • SHA256

    d99e8661fac9702174730cf3b9041a991f438679c9a401333645cee7793f0795

  • SHA512

    0e86a591670fb2a68a71395ba492543bdc531642b43a16ea5c173f45a143aa3a915c4930c636548d478a14bc8252c9c590b078574cc113a6399c7f17185ba5ab

  • SSDEEP

    12288:Ty90bapx7dwW5RetNMYpAyQ2DDuaixqBdpw06tbiu4MuU:TyW8CWbePvIkXC0W54MB

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks