General

  • Target

    b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387

  • Size

    1.5MB

  • Sample

    241109-gnyclaykbw

  • MD5

    d4dc8dae19a11faa9da2c28f08e0a80d

  • SHA1

    59983b7e9321902c980f0e9c797708a1d29bf2ff

  • SHA256

    b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387

  • SHA512

    298b8c6608f513f7427a5ddf43b5e5aaa62368143d4dcd6499cf6e0199b6ae1564bb92097f635dcb662ecf61f0411aa5b7648a21ab3971bccd5d6cada821dcf5

  • SSDEEP

    24576:LyfeYQYfdpNGgt5RoLtKxcpUOcnSUA7Wj0+YwFGte8sz8D7vz:+G0bhq4uw7Ffnz8D7v

Malware Config

Targets

    • Target

      b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387

    • Size

      1.5MB

    • MD5

      d4dc8dae19a11faa9da2c28f08e0a80d

    • SHA1

      59983b7e9321902c980f0e9c797708a1d29bf2ff

    • SHA256

      b584a859bd67ce94a32fd902f9f4a107a6c2259895ee1d5efdf1b6255704f387

    • SHA512

      298b8c6608f513f7427a5ddf43b5e5aaa62368143d4dcd6499cf6e0199b6ae1564bb92097f635dcb662ecf61f0411aa5b7648a21ab3971bccd5d6cada821dcf5

    • SSDEEP

      24576:LyfeYQYfdpNGgt5RoLtKxcpUOcnSUA7Wj0+YwFGte8sz8D7vz:+G0bhq4uw7Ffnz8D7v

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks