General

  • Target: 7071a6e00be143e1c39a6d9a045060635eae8123a11540cd2610518b18195fc8
  • Size: 966KB
  • Sample: 241109-gnns6ayka1
  • MD5: 1bb5d0226ca3847a1bc612c6eaf03d35
  • SHA1: be40d0349245d5c797f199259d8d6e0887b2cc94
  • SHA256: 7071a6e00be143e1c39a6d9a045060635eae8123a11540cd2610518b18195fc8
  • SHA512: 53f472e84709ae6896a985d8ea9013f3e99e4aa4ca67151a8a6f1bbc6feb5d4bf8339b6fc0e298c303fc84749de6c56ff4a57878c3f5d94901afd775240ebfe0
  • SSDEEP: 24576:nyRDjS6GgvND13e3Rl8Jj6TG7R6Ij2JIU5jjeIyhasg:yRDhBxeBl8JmS3sIUdyhas

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper
    • Healer
      Healer, an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • RedLine family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks