General

  • Target

    199c82537e4325aa9351d6647168b0e65af8abc6735595d7ccc5b0a018093ce1

  • Size

    745KB

  • Sample

    241110-b6dg9awlex

  • MD5

    254b95134bf1d7829756650efaad4358

  • SHA1

    05fd3ffa1e7e4712528680f24e8940695305c6f0

  • SHA256

    199c82537e4325aa9351d6647168b0e65af8abc6735595d7ccc5b0a018093ce1

  • SHA512

    6e868c15f3f15e93972d1d4d7124a020e5f0c83edaede84edff6511e4191bd427b8c0d2448054e473e473ea2a57b42462af7c72f15e4c33205db0b2f2d3469d4

  • SSDEEP

    12288:ay90wJroEVTB8NYkXHG1Qv6dYVJGZmLsUhgQUu13TdGBVBT9ERv5L0qIfWan:ayproEVT9kX/vffPt1jAVaRxtQn

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks