General

  • Target

    aa287e63e7801f3cfe162fcf59cb82d5ac0a605271e5bcc54397a2b642f5a758

  • Size

    691KB

  • Sample

    241109-gtfdzaykhv

  • MD5

    f8f8e6ebb483e67a4bbbf87b7742732a

  • SHA1

    0033930a5fe0f95c6819dfd865dd48ae57339613

  • SHA256

    aa287e63e7801f3cfe162fcf59cb82d5ac0a605271e5bcc54397a2b642f5a758

  • SHA512

    8a10ed073fdd2a3c307fd1d1af973859f37a4e03f5ca42721aecc7033b344516655157d1c29ebd0865723be5b2b7c5c508e7a3ef8e23c0604241b66f77e6f9f0

  • SSDEEP

    12288:Gy90C5W9bltXrkm1KczV+e0VZUgs1RIPOMsBuGD4HSBOs6a:Gyx5W9blJrkm1KcKVugYBuGkHSBl6a

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
