General

  • Target

    977ab11d1a78a28dcd9c572a9869855715dbd80a1b417fc94d71a23e929fc174

  • Size

    1000KB

  • Sample

    241109-gnlzkasjal

  • MD5

    620100d6d3550757a2abb54537b490bb

  • SHA1

    f965a4524820d402d81c920c78885a9505dd7789

  • SHA256

    977ab11d1a78a28dcd9c572a9869855715dbd80a1b417fc94d71a23e929fc174

  • SHA512

    2469f68c4fca8979b5e0c4a109ff8714c0c6712be02bbc16d9db0b5e438782837115c3220a2c7d1b64957d759090e54d70782682f0e694000104a5ac39806ad9

  • SSDEEP

    24576:ZTLrvnFOPYjIA0NCw+J3Hl+yV5vCoyvIc5zlYWSSpb:xrvFqYjbfJV+QvCoyZzt9p

Malware Config

Targets

    • Target

      977ab11d1a78a28dcd9c572a9869855715dbd80a1b417fc94d71a23e929fc174

    • Size

      1000KB

    • MD5

      620100d6d3550757a2abb54537b490bb

    • SHA1

      f965a4524820d402d81c920c78885a9505dd7789

    • SHA256

      977ab11d1a78a28dcd9c572a9869855715dbd80a1b417fc94d71a23e929fc174

    • SHA512

      2469f68c4fca8979b5e0c4a109ff8714c0c6712be02bbc16d9db0b5e438782837115c3220a2c7d1b64957d759090e54d70782682f0e694000104a5ac39806ad9

    • SSDEEP

      24576:ZTLrvnFOPYjIA0NCw+J3Hl+yV5vCoyvIc5zlYWSSpb:xrvFqYjbfJV+QvCoyZzt9p

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
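The registry behaviours listed above (Defender real-time protection settings modified, Run key added for persistence) are the ones a detection engineer would want to catch on the endpoint rather than only in the sandbox. The Python below is an added example and is not code from the sandbox report, from Healer or from RedLine: it applies two rules to records shaped like Sysmon Event ID 13 (RegistryEvent: Value Set). The event records, process paths and value names (dropper.exe, update.exe, the SID) are constructed for the example; the Defender policy paths and Run/RunOnce locations are the documented Windows registry locations; the function names are illustrative.

```python
"""Flag Defender policy tampering and Run-key persistence in Sysmon registry events.

Added example, not part of the sandbox report. Event records are constructed
to mimic Sysmon Event ID 13 fields (Image, TargetObject, Details).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegistryValueSet:
    """Subset of Sysmon Event ID 13 (RegistryEvent: Value Set) fields."""
    image: str     # process that wrote the value
    target: str    # TargetObject: full path of the registry value
    details: str   # Details: value data as Sysmon renders it


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    image: str
    target: str


# Defender policy values a disabler sets to 1 to switch protection off (lower-cased).
_DEFENDER_ROOT = r"hklm\software\policies\microsoft\windows defender"
DEFENDER_DISABLE_VALUES = {
    _DEFENDER_ROOT + r"\disableantispyware",
    _DEFENDER_ROOT + r"\real-time protection\disablerealtimemonitoring",
    _DEFENDER_ROOT + r"\real-time protection\disablebehaviormonitoring",
    _DEFENDER_ROOT + r"\real-time protection\disableonaccessprotection",
    _DEFENDER_ROOT + r"\real-time protection\disablescanonrealtimeenable",
    _DEFENDER_ROOT + r"\real-time protection\disableioavprotection",
}

# Autostart locations, matched as substrings so both HKLM and HKU hives hit.
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)

# Directories a normal user can write to; an autostart pointing here is suspect.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

_DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")


def dword_value(details: str):
    """Return the integer behind Sysmon's 'DWORD (0x00000001)' rendering, else None."""
    m = _DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def check_defender_tamper(ev: RegistryValueSet):
    """Flag a Defender Disable* policy value being set to 1 (protection turned off)."""
    if ev.target.lower() in DEFENDER_DISABLE_VALUES and dword_value(ev.details) == 1:
        return Finding("defender_protection_disabled", "high", ev.image, ev.target)
    return None


def check_run_key(ev: RegistryValueSet):
    """Flag any Run/RunOnce write; high severity when the autostart target is user-writable."""
    target = ev.target.lower()
    if not any(marker in target for marker in RUN_KEY_MARKERS):
        return None
    data = ev.details.lower()
    severity = "high" if any(m in data for m in USER_WRITABLE_MARKERS) else "low"
    return Finding("run_key_persistence", severity, ev.image, ev.target)


def scan_events(events):
    """Apply both rules to every event and return the findings in input order."""
    findings = []
    for ev in events:
        for rule in (check_defender_tamper, check_run_key):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed events modelled on the report's behaviours; file names and SID are invented.
SAMPLE_EVENTS = [
    RegistryValueSet(  # real-time monitoring switched off
        image=r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
        target=r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        details="DWORD (0x00000001)"),
    RegistryValueSet(  # whole engine disabled by policy
        image=r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
        target=r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
        details="DWORD (0x00000001)"),
    RegistryValueSet(  # per-user Run key pointing into AppData
        image=r"C:\Users\victim\AppData\Roaming\svc\update.exe",
        target=r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Update",
        details=r"C:\Users\victim\AppData\Roaming\svc\update.exe"),
    RegistryValueSet(  # installer-style autostart under Program Files: flagged, low severity
        image=r"C:\Windows\System32\msiexec.exe",
        target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor Tray",
        details=r"C:\Program Files\Vendor\tray.exe"),
    RegistryValueSet(  # protection being re-enabled: not a finding
        image=r"C:\Windows\System32\svchost.exe",
        target=r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        details="DWORD (0x00000000)"),
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.rule}: {f.image} -> {f.target}")
```

Run against the constructed events it returns four findings: two high-severity Defender tamper hits, one high-severity Run-key hit (autostart under AppData) and one low-severity Run-key hit for the Program Files entry; the value reset to 0 produces nothing. On a real host the same two rules map directly onto Sysmon's `TargetObject` and `Details` fields, and the low-severity Run-key hits are what you would suppress with an allow-list of known installers.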

MITRE ATT&CK Enterprise v15

Tasks