General

  • Target

    6c8072b4ae245470dad1a23c03674663a49b6f7cd1cb5634e36ba595871404c1

  • Size

    617KB

  • Sample

    241109-za2f7s1kaw

  • MD5

    a161d8c80856bbfb7cd80daeed9c3461

  • SHA1

    3ea511161aa5989f8522485a2dd1e856500b8cc9

  • SHA256

    6c8072b4ae245470dad1a23c03674663a49b6f7cd1cb5634e36ba595871404c1

  • SHA512

    1ad24c45f98c33a26ae40ed6e6842ce6f54569fd66e87f764aa6692b7e7d009f7c1e60837977f83fe00f50dee43871a9ca2d187fded9a8b416e6f459e1e7f4d7

  • SSDEEP

    12288:gy906ka1TzNa/C4A1aLPqjsC7CYpxdhl8Wzq4Gbof:gyVn1Tzw/BssC7CUblXcof

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks