General

  • Target

    8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0

  • Size

    704KB

  • Sample

    241109-gysvvszanb

  • MD5

    5e8e2720dd5ee31dc37d4ce989db6a6d

  • SHA1

    9fe9adf39cf2b8430b66bb4a39931f84dcaeada6

  • SHA256

    8ac9cafebb47d3586b65ac83680fa222c348a7dde8dfcb239fc74c673d60adf0

  • SHA512

    eccac50d6ccb7a1c6c1a5f73a3d955dc4f325379cb21deac922267614f32ec2292d016663bbb3b22bce6d3378aa8713537ca0e83933e75662b1bb88e89e215dc

  • SSDEEP

    12288:Py90UYLCTCp4UWokEdJ0nrue2t1vB9RCTkZMI4HKhWS2PwcA+umB+HnMWCbiPK61:PyHsCwWokEdJq+j9aqjdhWS+y+uqMnpN

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15