General

  • Target

    963eca11dbe09984642c110eaa792e46198d0b189a21cd4cf4ab5054bf1b8e6d

  • Size

    727KB

  • Sample

    241110-ar5gravhkn

  • MD5

    e5d9728554916101bebe6fb0f1b62658

  • SHA1

    ed12cf7a801f2d3af23ad7916a6e312c33bd55dd

  • SHA256

    963eca11dbe09984642c110eaa792e46198d0b189a21cd4cf4ab5054bf1b8e6d

  • SHA512

    1ca6362ca74428e6212d15122a61dab67559ce8a5b7b01b2e1b4a8bbb9149612f165030c40ca3d1ae7360e24675e7c2268ad5722618bab12df7a7c3a6c28db78

  • SSDEEP

    12288:zy90FItfxbTlJWk+O4Vv+qyvH88EcNdQVfgsxfX1S6oXZUcj9Au2af:zyII14O4zUc2NdQVU3hWS

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks