General

  • Target

    807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b

  • Size

    704KB

  • Sample

    241109-gzb9hazang

  • MD5

    4e5c4c7e5ecc20415b9b605d56349598

  • SHA1

    5ccea2f35ed29297e46e3272ec3d15c9bd179e47

  • SHA256

    807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b

  • SHA512

    ca0b7d84d265fe38cf34c66fb98a1d094d834f24dfde392fbd4b8e90d115fee4c435fc30472427aef9661f2ae83285b747ba182e660aebcb0c47d562cd275507

  • SSDEEP

    12288:Dy90WMIqFpjWjwCNTP/nOLmt9I1fzCV3Iz/MzE/KOWFWVRYyi7aVDKe:DyzM/Fpj9CNJirM3ILc6WqRYhGH

Malware Config

Targets

    • Target

      807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b

    • Size

      704KB

    • MD5

      4e5c4c7e5ecc20415b9b605d56349598

    • SHA1

      5ccea2f35ed29297e46e3272ec3d15c9bd179e47

    • SHA256

      807542b137786f75312f642ff1f048b64c478e83b97e40d83de47e9b16e1134b

    • SHA512

      ca0b7d84d265fe38cf34c66fb98a1d094d834f24dfde392fbd4b8e90d115fee4c435fc30472427aef9661f2ae83285b747ba182e660aebcb0c47d562cd275507

    • SSDEEP

      12288:Dy90WMIqFpjWjwCNTP/nOLmt9I1fzCV3Iz/MzE/KOWFWVRYyi7aVDKe:DyzM/Fpj9CNJirM3ILc6WqRYhGH

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
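
Two of the behaviours flagged above, the Windows Defender real-time protection change and the Run key for persistence, leave registry writes that a host-based telemetry pipeline can check for. The script below is an added example, not part of the sandbox report and not code from the sample: it runs detection logic over Sysmon-style "registry value set" (Event ID 13) records and flags writes to the Defender Real-Time Protection policy values and to Run/RunOnce keys. The policy value names are the standard ones Defender honours under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection; the event records, the process image names and the SID are constructed for illustration and do not come from the report.

```python
"""Detection logic for the two behaviours above: Defender real-time protection
switched off through policy values, and a Run key added for persistence.
Input is a list of Sysmon-style Event ID 13 (registry value set) records as
dicts. The sample records at the bottom are constructed, not taken from the
sandbox report."""
import re
from dataclasses import dataclass

# Policy key and value names Windows Defender honours; setting any of these
# to 1 turns that part of real-time protection off.
RTP_POLICY_PATH = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}

# Run / RunOnce keys in HKLM, HKCU or a loaded user hive (HKU\<SID>).
RUN_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKU\\[^\\]+)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
# Directories a dropper can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Local|Roaming)|Users\\Public|Windows\\Temp|ProgramData)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    technique: str
    image: str       # process that performed the write
    target: str      # registry value that was written
    detail: str      # data written, as Sysmon renders it


def check_defender_disable(ev):
    """Flag a Disable* policy value under the Real-Time Protection key set to 1."""
    key, _, name = ev["TargetObject"].rpartition("\\")
    if key.lower() != RTP_POLICY_PATH.lower() or name not in RTP_DISABLE_VALUES:
        return None
    # Sysmon renders DWORD data as e.g. "DWORD (0x00000001)".
    m = re.search(r"0x([0-9a-f]+)", ev["Details"], re.IGNORECASE)
    if m and int(m.group(1), 16) == 1:
        return Finding("defense-evasion: Defender RTP disabled",
                       ev["Image"], ev["TargetObject"], ev["Details"])
    return None


def check_run_key(ev):
    """Flag any Run/RunOnce value; mark it when the target lives in a user-writable path."""
    if not RUN_KEY_RE.match(ev["TargetObject"]):
        return None
    technique = "persistence: Run key added"
    if USER_WRITABLE_RE.search(ev["Details"]):
        technique += " (user-writable path)"
    return Finding(technique, ev["Image"], ev["TargetObject"], ev["Details"])


def triage(events):
    """Run both checks over Event ID 13 records; other event types are ignored."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        for check in (check_defender_disable, check_run_key):
            f = check(ev)
            if f is not None:
                findings.append(f)
    return findings


# Constructed sample records (hypothetical image names and SID).
DROPPER = r"C:\Users\bob\AppData\Local\Temp\dropper.exe"
RTP = RTP_POLICY_PATH
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPER, "TargetObject": RTP + r"\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPER, "TargetObject": RTP + r"\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\updater.exe"},
    # Re-enabling the protection (value 0) is not flagged.
    {"EventID": 13, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": RTP + r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"},
    # Legitimate Run entry from a system binary: flagged, but without the user-writable marker.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
    # Key creation (Event ID 12) is ignored by this check.
    {"EventID": 12, "Image": DROPPER, "TargetObject": RTP, "Details": ""},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.technique}: {f.image} -> {f.target} = {f.detail}")
```

Run-key findings need a baseline, since installers and Windows components write these keys legitimately; the user-writable-path marker is the first filter, and correlating the writing process with a recently dropped executable is the second. The Defender check is higher fidelity: outside of Group Policy deployment, a process setting these values to 1 is rarely benign.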

MITRE ATT&CK Enterprise v15

Tasks