General

  • Target

    6932af1b72e5428f52872830d8b209ce700f0cc34e44be0947d504cde27294ff

  • Size

    1.2MB

  • Sample

    241110-awqt6avldy

  • MD5

    027dda9ab81c7b7fe3e36eb71a015ebd

  • SHA1

    1f288df326c8b1258f1070bc9236b8ce966e8803

  • SHA256

    6932af1b72e5428f52872830d8b209ce700f0cc34e44be0947d504cde27294ff

  • SHA512

    6dc6b76a8f12d21c71e1de9d8b4c9e99706928af5cafe043c4c4bdbfb82d32f2ee80fb62c20ea03364db2f890c1ecb7db2f8da93a9f38fdbfd93acc536242867

  • SSDEEP

    24576:DGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:DGMOKSUDNGQp9qKqFR4JUcDLqNp/b

Malware Config

Targets

    • Target

      6932af1b72e5428f52872830d8b209ce700f0cc34e44be0947d504cde27294ff

    • Size

      1.2MB

    • MD5

      027dda9ab81c7b7fe3e36eb71a015ebd

    • SHA1

      1f288df326c8b1258f1070bc9236b8ce966e8803

    • SHA256

      6932af1b72e5428f52872830d8b209ce700f0cc34e44be0947d504cde27294ff

    • SHA512

      6dc6b76a8f12d21c71e1de9d8b4c9e99706928af5cafe043c4c4bdbfb82d32f2ee80fb62c20ea03364db2f890c1ecb7db2f8da93a9f38fdbfd93acc536242867

    • SSDEEP

      24576:DGxKz+TDUpS+Nmj4NGQpy6X6yzjKdFuU40KUcDL0lNp/bPm:DGMOKSUDNGQp9qKqFR4JUcDLqNp/b

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
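
The three behavioural signatures above (Defender real-time protection tampering, a broader Windows security policy change, and a Run key for persistence) are all registry writes, so they can be reproduced from a sandbox's registry event stream. The following is an added example, not the sandbox's own signature engine and not output from this sample's tasks: it maps constructed Sysmon Event ID 13 style "value set" lines to the signature names used in the report. The Defender value names (DisableRealtimeMonitoring, DisableBehaviorMonitoring, DisableOnAccessProtection, DisableScanOnRealtimeEnable, DisableIOAVProtection) are the standard Group Policy switches under the Real-Time Protection key; treating any other DWORD=1 under the Windows Defender policy key as "Windows security modification" is this example's own assumption, and the event line format and paths are constructed for illustration.

```python
"""Map registry value-set events to the signature names used in the report.

Added example, not part of the sandbox report or its tooling. SAMPLE_EVENTS are
constructed in the shape of Sysmon Event ID 13 (RegistryEvent: value set)
records and are not taken from this sample's tasks.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Group Policy values under the Defender Real-Time Protection key that, when
# set to 1, switch off a component of real-time protection.
DEFENDER_RTP_KEY = r"\software\policies\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Assumption: any other DWORD=1 under the Defender policy key (e.g.
# DisableAntiSpyware) is reported as the broader "Windows security modification".
DEFENDER_POLICY_KEY = r"\software\policies\microsoft\windows defender"
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\(run|runonce)$", re.I)
DWORD_RE = re.compile(r"DWORD \((0x[0-9a-fA-F]+)\)")


@dataclass
class Finding:
    signature: str
    process: str
    target: str
    details: str


def parse_event(line: str) -> dict:
    """Parse one 'Field=value|Field=value' line into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def dword_value(details: str) -> Optional[int]:
    """Return the integer behind a Sysmon 'DWORD (0x...)' string, else None."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def classify(event: dict) -> Optional[Finding]:
    """Return the signature a single value-set event triggers, or None."""
    target = event.get("TargetObject", "")
    key, _, value_name = target.rpartition("\\")
    key_l, value_l = key.lower(), value_name.lower()
    proc = event.get("Image", "")
    details = event.get("Details", "")

    if key_l.endswith(DEFENDER_RTP_KEY) and value_l in DEFENDER_RTP_VALUES:
        if dword_value(details) == 1:
            return Finding("Modifies Windows Defender Real-time Protection settings",
                           proc, target, details)
        return None  # written back to 0: protection re-enabled, not a hit
    if DEFENDER_POLICY_KEY in key_l and dword_value(details) == 1:
        return Finding("Windows security modification", proc, target, details)
    if RUN_KEY_RE.search(key):
        return Finding("Adds Run key to start application", proc, target, details)
    return None


def triage(lines) -> list:
    """Run classify() over value-set events only; deletes and reads are ignored."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventType") != "SetValue":
            continue
        hit = classify(ev)
        if hit:
            findings.append(hit)
    return findings


# Constructed events (illustrative, not from this sample's task output).
SAMPLE_EVENTS = [
    r"EventType=SetValue|Image=C:\Users\user\AppData\Local\Temp\dropper.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"EventType=SetValue|Image=C:\Users\user\AppData\Local\Temp\dropper.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring|Details=DWORD (0x00000001)",
    r"EventType=SetValue|Image=C:\Users\user\AppData\Local\Temp\dropper.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\DisableAntiSpyware|Details=DWORD (0x00000001)",
    r"EventType=SetValue|Image=C:\Users\user\AppData\Roaming\stealer.exe|TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\stealer|Details=C:\Users\user\AppData\Roaming\stealer.exe",
    r"EventType=SetValue|Image=C:\Windows\explorer.exe|TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)",
    r"EventType=SetValue|Image=C:\Program Files\Windows Defender\MsMpEng.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000000)",
    r"EventType=DeleteValue|Image=C:\Users\user\AppData\Local\Temp\dropper.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection|Details=",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.signature}: {f.process} -> {f.target} = {f.details}")
```

Only DWORD writes of 1 count as a Defender hit: a write of 0 by the Defender service itself (the sixth constructed event) is the protection being restored and is deliberately not reported, and a DeleteValue is skipped outright. Persistence is keyed on the parent key ending in `CurrentVersion\Run` or `RunOnce` regardless of hive, so both HKCU/HKU and HKLM Run keys are caught.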

MITRE ATT&CK Enterprise v15

Tasks