General

  • Target

    8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd

  • Size

    690KB

  • Sample

    241110-a77l2svngt

  • MD5

    a354eab424766e36c45f4111d4bb214d

  • SHA1

    a74417f29061413713f9822050e67ee321f413f7

  • SHA256

    8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd

  • SHA512

    d02f8d6af83492e3fbae01c25b2d4ee0c1d30f2cce1d46b93b521669b9e6f8c76050d12417e12014b601d729b83862ffffe0c3c903c003e23afe510eb1b6278f

  • SSDEEP

    12288:Wy90zpi5HNXULubOs2KYxnLnHTB1rmrTkz0MWU2kmREKMqUqoo:WybtNNa91T15Q6h2kkEDo
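
How a responder would actually use the hash block above: the Python below is an added example, not part of the sandbox report or its tooling. It sanity-checks the IOC record copied from the report (each digest has the right hex length, and the Target filename is indeed the SHA-256), hashes a suspect file once while feeding all four algorithms, and reports a per-algorithm verdict, treating a partial match (say MD5 agrees but SHA-256 does not) as a red flag rather than a hit. The `REPORT` dict is the report's own values; the file path and the `b"constructed"` test input are assumptions for illustration.

```python
import hashlib
import re
from typing import Iterable

# IOC record copied from the report above. "target" is the sample's filename,
# which in this report is its SHA-256.
REPORT = {
    "target": "8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd",
    "md5": "a354eab424766e36c45f4111d4bb214d",
    "sha1": "a74417f29061413713f9822050e67ee321f413f7",
    "sha256": "8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd",
    "sha512": "d02f8d6af83492e3fbae01c25b2d4ee0c1d30f2cce1d46b93b521669b9e6f8c7"
              "6050d12417e12014b601d729b83862ffffe0c3c903c003e23afe510eb1b6278f",
}

# Expected hex-digest length per algorithm (digest bits / 4).
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_ioc_record(rec: dict) -> list[str]:
    """Return the list of consistency problems in an IOC record (empty if clean).

    Catches truncated or mistyped digests before they are pushed to a blocklist,
    and checks the report's convention that Target == SHA-256.
    """
    problems = []
    for algo, length in HEX_LENGTHS.items():
        value = rec.get(algo, "")
        if not re.fullmatch(rf"[0-9a-fA-F]{{{length}}}", value):
            problems.append(f"{algo}: expected {length} hex characters, got {len(value)}")
    if rec.get("target", "").lower() != rec.get("sha256", "").lower():
        problems.append("target filename does not equal sha256")
    return problems


def multi_hash(chunks: Iterable[bytes]) -> dict[str, str]:
    """Hash a stream of byte chunks with every algorithm in HEX_LENGTHS in one pass."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LENGTHS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as f:
        return multi_hash(iter(lambda: f.read(chunk_size), b""))


def match_against_report(hashes: dict[str, str], rec: dict) -> tuple[str, dict[str, bool]]:
    """Compare computed digests with the IOC record.

    Verdicts: "match" (all algorithms agree), "no-match" (none agree) or
    "partial-match", which should be investigated: either the IOC was
    transcribed wrongly or someone produced a collision on the weaker hash.
    """
    per_algo = {algo: hashes[algo].lower() == rec[algo].lower() for algo in HEX_LENGTHS}
    matched = sum(per_algo.values())
    if matched == len(per_algo):
        verdict = "match"
    elif matched == 0:
        verdict = "no-match"
    else:
        verdict = "partial-match"
    return verdict, per_algo


if __name__ == "__main__":
    # Assumed path of a quarantined file; replace with the real one.
    problems = validate_ioc_record(REPORT)
    print("IOC record problems:", problems or "none")
    verdict, detail = match_against_report(hash_file("suspect.bin"), REPORT)
    print(verdict, detail)
```

Pin the blocklist to the SHA-256 (or SHA-512) and keep MD5/SHA-1 only for correlating with older reports; the partial-match verdict exists precisely because the two weaker algorithms are no longer collision-resistant.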

Malware Config

Targets

    • Target

      8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd

    • Size

      690KB

    • MD5

      a354eab424766e36c45f4111d4bb214d

    • SHA1

      a74417f29061413713f9822050e67ee321f413f7

    • SHA256

      8e5de95d2601fd6bb0a5ce1a4e31b488e3685ccd7aa61d58e9a6e3004cf672cd

    • SHA512

      d02f8d6af83492e3fbae01c25b2d4ee0c1d30f2cce1d46b93b521669b9e6f8c76050d12417e12014b601d729b83862ffffe0c3c903c003e23afe510eb1b6278f

    • SSDEEP

      12288:Wy90zpi5HNXULubOs2KYxnLnHTB1rmrTkz0MWU2kmREKMqUqoo:WybtNNa91T15Q6h2kkEDo

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
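
The behaviours the sandbox flags above (Defender real-time protection modified, Windows security modification, Run key added) are all registry writes, so they can be caught on a host from Sysmon Event ID 13 (RegistryEvent: value set). The Python below is an added example written for this page, not the sandbox's detection logic or any telemetry from the sample. The events are constructed to model those behaviours; the process name `dropper.exe` and the Run value name `Updater` are made up, and the report does not say which Defender values this sample set, so the list of policy values is the one a practitioner would watch in general. ATT&CK mappings (T1562.001 Impair Defenses: Disable or Modify Tools, T1547.001 Registry Run Keys / Startup Folder) are standard technique IDs, not taken from the report.

```python
import re

# Constructed Sysmon Event ID 13 records (not from the report). Sysmon writes HKCU
# as HKU\<SID>; both spellings are accepted below.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    # Setting the policy back to 0 re-enables protection: must not alert.
    {"EventID": 13, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Unrelated registry write: ignored.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
    # Event ID 12 (key create/delete) carries no value; this rule set only looks at 13.
    {"EventID": 12, "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "Details": ""},
]

# Defender values whose non-zero setting turns a protection off. Policy keys live under
# SOFTWARE\Policies\...; the product's own state lives under SOFTWARE\Microsoft\...
DEFENDER_DISABLE_VALUES = {
    "disableantispyware", "disableantivirus",
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable", "disableioavprotection",
}
DEFENDER_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender\\"
    r"(?:Real-Time Protection\\)?(?P<value>[^\\]+)$", re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r"^HK(?:LM|CU|U\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce)\\(?P<name>[^\\]+)$", re.IGNORECASE)


def dword_value(details: str):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = re.fullmatch(r"DWORD \((0x[0-9A-Fa-f]+)\)", details or "")
    return int(m.group(1), 16) if m else None


def classify_event(ev: dict):
    """Return an alert dict for a suspicious registry value set, else None."""
    if ev.get("EventID") != 13:
        return None
    target = ev.get("TargetObject", "")
    m = DEFENDER_RE.match(target)
    if m and m.group("value").lower() in DEFENDER_DISABLE_VALUES:
        # A non-DWORD or non-zero value disables the protection; 0 re-enables it.
        if dword_value(ev.get("Details")) != 0:
            return {"severity": "high", "technique": "T1562.001",
                    "reason": f"Defender protection disabled via {m.group('value')}",
                    "image": ev.get("Image")}
    m = RUN_KEY_RE.match(target)
    if m:
        return {"severity": "medium", "technique": "T1547.001",
                "reason": f"Run key persistence: {m.group('name')} -> {ev.get('Details')}",
                "image": ev.get("Image")}
    return None


def scan(events):
    """Apply classify_event to a stream of events and collect the alerts."""
    return [alert for ev in events if (alert := classify_event(ev)) is not None]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert["severity"], alert["technique"], alert["image"], "|", alert["reason"])
```

The correlation a responder cares about is the same `Image` appearing in both a T1562.001 and a T1547.001 alert: a dropper that disables real-time protection and then persists its payload is exactly the Healer-then-RedLine sequence the report describes, and writes to these paths by anything other than Group Policy or the Defender service itself deserve an investigation regardless of the value written.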

MITRE ATT&CK Enterprise v15

Tasks