General

  • Target

    6b87a48bd7a130c43fdf3390582db41b28339ee8d5201cb1f72a4e65cedbc211

  • Size

    703KB

  • Sample

    241110-cgr5saxbkm

  • MD5

    6081d0ba87c3f11a3e7b750fbfcee821

  • SHA1

    9784fe16a8703583437db8e893af9b7843339ca7

  • SHA256

    6b87a48bd7a130c43fdf3390582db41b28339ee8d5201cb1f72a4e65cedbc211

  • SHA512

    a650e2b2b507be8d1d8e47572687bccc0307119ffe90d25430a24c290454409557cb13938a1c16454beb3e7eebef239feee2c3a1c8aec0be56115b6bac8c3573

  • SSDEEP

    12288:vy90q5U4c1Je8PYZyP7wxxlVhdPf5F9mimZawbIiZtAnAPHDgIoUvk:vyHMJHYZoaVf/9miKaKMMnoU8

Malware Config

Targets

    • Target

      6b87a48bd7a130c43fdf3390582db41b28339ee8d5201cb1f72a4e65cedbc211

    • Size

      703KB

    • MD5

      6081d0ba87c3f11a3e7b750fbfcee821

    • SHA1

      9784fe16a8703583437db8e893af9b7843339ca7

    • SHA256

      6b87a48bd7a130c43fdf3390582db41b28339ee8d5201cb1f72a4e65cedbc211

    • SHA512

      a650e2b2b507be8d1d8e47572687bccc0307119ffe90d25430a24c290454409557cb13938a1c16454beb3e7eebef239feee2c3a1c8aec0be56115b6bac8c3573

    • SSDEEP

      12288:vy90q5U4c1Je8PYZyP7wxxlVhdPf5F9mimZawbIiZtAnAPHDgIoUvk:vyHMJHYZoaVf/9miKaKMMnoU8

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
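The three behavioural signatures listed above (Defender real-time protection tampering, a Run key for persistence, execution of a dropped EXE) can be expressed as simple rules over a sandbox event stream. The block below is an added example written for this page, not the sandbox's own detection logic; the event records, registry paths and process IDs are constructed, and the set of Real-Time Protection value names it treats as "disables a feature" is an assumption about what the signature covers.

```python
"""Added example: rule-style checks for the three behavioural signatures in the report
(Defender RTP tampering, Run-key persistence, dropped-EXE execution) over constructed
sandbox-like events. Not the sandbox's own code."""
import re

# Value names under ...\Windows Defender\Real-Time Protection that disable a protection
# feature when set to 1. Assumption: the report's signature covers these names.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
RTP_KEY_RE = re.compile(r"\\windows defender\\real-time protection$", re.I)
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?$", re.I)

# Constructed events in chronological order (not taken from the report). Each event is a
# dict with a "type" of reg_set, file_write or proc_create.
SAMPLE_EVENTS = [
    {"type": "reg_set", "pid": 1234,
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"type": "reg_set", "pid": 1234,
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableBehaviorMonitoring", "data": 1},
    {"type": "file_write", "pid": 1234,
     "path": r"C:\Users\Admin\AppData\Local\Temp\payload.exe"},
    {"type": "reg_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\Admin\AppData\Local\Temp\payload.exe"},
    {"type": "proc_create", "pid": 1234, "child_pid": 2222,
     "image": r"C:\Users\Admin\AppData\Local\Temp\payload.exe"},
    # Benign registry write: must not trigger any rule.
    {"type": "reg_set", "pid": 1234,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShowHidden", "data": 0},
]


def defender_rtp_tampering(events):
    """Return Real-Time Protection value names that were set to 1 (each disables a feature)."""
    hits = []
    for e in events:
        if e["type"] != "reg_set" or not RTP_KEY_RE.search(e["key"]):
            continue
        if e["value"].lower() in DEFENDER_RTP_VALUES and e["data"] == 1:
            hits.append(e["value"])
    return hits


def run_key_persistence(events):
    """Return (value name, command) pairs written under an HKCU/HKLM Run or RunOnce key."""
    return [(e["value"], e["data"]) for e in events
            if e["type"] == "reg_set" and RUN_KEY_RE.search(e["key"])]


def dropped_exe_executed(events):
    """Return paths of .exe files written during the run and later launched as a process."""
    dropped = set()
    launched = []
    for e in events:
        if e["type"] == "file_write" and e["path"].lower().endswith(".exe"):
            dropped.add(e["path"].lower())
        elif e["type"] == "proc_create" and e["image"].lower() in dropped:
            launched.append(e["image"])
    return launched


def triage(events):
    """Map the report's signature names to the evidence that fired on this event stream."""
    return {
        "Modifies Windows Defender Real-time Protection settings": defender_rtp_tampering(events),
        "Adds Run key to start application": run_key_persistence(events),
        "Executes dropped EXE": dropped_exe_executed(events),
    }


if __name__ == "__main__":
    for name, hits in triage(SAMPLE_EVENTS).items():
        print(f"{'FIRED' if hits else '-----'} {name}: {hits}")
```

The dropped-EXE rule deliberately requires both the file write and a later process creation of the same path, since a write alone is ordinary installer behaviour; the Defender rule keys on the documented policy path and a value of 1 rather than on any write to the key, which keeps benign policy refreshes from firing it.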

MITRE ATT&CK Enterprise v15

Tasks