General

  • Target

    a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0

  • Size

    706KB

  • Sample

    241110-atpt3sykdl

  • MD5

    856b96b55ea1ab0674ef924b20e31bdd

  • SHA1

    e95dc4a9dcd749099dae4d98f7a14ed874824985

  • SHA256

    a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0

  • SHA512

    fbc2b375e299deb4326c1bb199c54b68533ed741821f022d81e12d1672a66d83bee31bd4e6e23ba96fb819788f6cbaa1b833d2bb0ed6cb8490ce6b4322f5c400

  • SSDEEP

    12288:Oy90dhFc+m5shVDhjD0CwrNtjh5w+++Hq/R1XZtRhvYNco0OCwRazYWcp:Oy2hS+m5sR0Cwr3h2+++HYFhNOHRakW0

Malware Config

Targets

    • Target

      a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0

    • Size

      706KB

    • MD5

      856b96b55ea1ab0674ef924b20e31bdd

    • SHA1

      e95dc4a9dcd749099dae4d98f7a14ed874824985

    • SHA256

      a2ab580900c3ab500a259455386d0f8a4d59085be7d85ccbbd5b8a2a1c0965d0

    • SHA512

      fbc2b375e299deb4326c1bb199c54b68533ed741821f022d81e12d1672a66d83bee31bd4e6e23ba96fb819788f6cbaa1b833d2bb0ed6cb8490ce6b4322f5c400

    • SSDEEP

      12288:Oy90dhFc+m5shVDhjD0CwrNtjh5w+++Hq/R1XZtRhvYNco0OCwRazYWcp:Oy2hS+m5sR0Cwr3h2+++HYFhNOHRakW0

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks