General

  • Target

    8a50098e4a4ea7ab73fe6a6b31b4f680d28a408b979364d8461faef71c7f930f

  • Size

    563KB

  • Sample

    241110-a5a53ayman

  • MD5

    42491131ed7938b52535e2a9199cd45f

  • SHA1

    4deb74945097df005e1aa2ce7a471752cb20f815

  • SHA256

    8a50098e4a4ea7ab73fe6a6b31b4f680d28a408b979364d8461faef71c7f930f

  • SHA512

    99cabcc0fd62d310294331721169524345e0d53443bbacf32f68bb205095f0a7f22dcdadcd78ee9f6094d27612f449d021a90a2d7bbc7fec3c437ffb021055eb

  • SSDEEP

    12288:6y900HoWQzhL86o2RGREf5pWru0rjeaLPkPaY:6yHOVPiREfDWNC4PkPr

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks