General

  • Target

    0046b9bb17f28d1d3bdbabb7de0f887460b25b7038ff8a24871c8e33f85a70ae

  • Size

    690KB

  • Sample

    241110-clgjvaxckp

  • MD5

    2670361dd8a8c8aca1c9280b62ddac84

  • SHA1

    d05fc16addf9e931832632a2dffbd98526be0063

  • SHA256

    0046b9bb17f28d1d3bdbabb7de0f887460b25b7038ff8a24871c8e33f85a70ae

  • SHA512

    ab79d4589f732e985a654e280c5ece68817711faa4d9878a5a96fe23c637ea6649ed98eba640855aef287ba68a91c54923fffb9ca199ddb408e99ec777527627

  • SSDEEP

    12288:cy90d/SLwZ5FXlF6gSRKnc0hdDpRLZn4C8Jp058s2vmKWW/zMgMx5:cyoq61AV0nVR1nJ8gZ2vPWwMj

Malware Config

Targets

    • Target

      0046b9bb17f28d1d3bdbabb7de0f887460b25b7038ff8a24871c8e33f85a70ae

    • Size

      690KB

    • MD5

      2670361dd8a8c8aca1c9280b62ddac84

    • SHA1

      d05fc16addf9e931832632a2dffbd98526be0063

    • SHA256

      0046b9bb17f28d1d3bdbabb7de0f887460b25b7038ff8a24871c8e33f85a70ae

    • SHA512

      ab79d4589f732e985a654e280c5ece68817711faa4d9878a5a96fe23c637ea6649ed98eba640855aef287ba68a91c54923fffb9ca199ddb408e99ec777527627

    • SSDEEP

      12288:cy90d/SLwZ5FXlF6gSRKnc0hdDpRLZn4C8Jp058s2vmKWW/zMgMx5:cyoq61AV0nVR1nJ8gZ2vPWwMj

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
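
The behaviour signatures above (Windows Defender real-time protection modified, a Run key added, a dropped EXE executed) describe what the sandbox saw, not how to detect it on a host. The following is an added example, not part of the sandbox report, showing how those three behaviours map onto detection logic over Sysmon-style events (Event ID 13 registry value set, Event ID 11 file create, Event ID 1 process create). The event records are constructed sample data for illustration; the specific Defender policy value names and the file paths are assumptions, since the report only states that real-time protection settings were modified and that a dropped EXE ran.

```python
"""Detection logic for the three behaviours listed in the sandbox report.

Events are dicts shaped like Sysmon fields (EventID, Image, TargetObject,
Details, TargetFilename). Everything below is constructed for illustration;
it is not data from the sandbox run.
"""
import re

PROCESS_CREATE = 1        # Sysmon Event ID 1
FILE_CREATE = 11          # Sysmon Event ID 11
REGISTRY_VALUE_SET = 13   # Sysmon Event ID 13

# Policy key Windows Defender reads for real-time protection settings.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
# Values under that key which disable a protection component when set to 1.
# Assumption: a Healer-style disabler sets some of these; the report only says
# the settings were modified, not which values.
DEFENDER_RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Per-user or machine Run / RunOnce autostart keys, any hive prefix.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def _dword(details):
    """Integer value of a Sysmon 'DWORD (0x........)' Details field, or None."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def detect_defender_tampering(events):
    """Flag writes of 1 to a real-time protection disable value (value 0 is benign)."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != REGISTRY_VALUE_SET:
            continue
        key, _, value_name = ev["TargetObject"].rpartition("\\")
        if (key.lower() == DEFENDER_RTP_KEY.lower()
                and value_name in DEFENDER_RTP_DISABLE_VALUES
                and _dword(ev.get("Details", "")) == 1):
            alerts.append({"rule": "defender_rtp_disabled", "image": ev["Image"], "value": value_name})
    return alerts


def detect_run_key_persistence(events):
    """Flag any value set under a Run/RunOnce key; Details carries the command line."""
    alerts = []
    for ev in events:
        if ev.get("EventID") == REGISTRY_VALUE_SET and RUN_KEY_RE.search(ev["TargetObject"]):
            alerts.append({"rule": "run_key_persistence", "image": ev["Image"],
                           "target": ev["TargetObject"], "command": ev.get("Details", "")})
    return alerts


def detect_dropped_exe_execution(events):
    """Correlate a FileCreate of an .exe with a later ProcessCreate of that same path."""
    dropped = {}  # lowercase path -> image of the process that wrote it
    alerts = []
    for ev in events:  # events are assumed to be in chronological order
        if ev.get("EventID") == FILE_CREATE and ev["TargetFilename"].lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev["Image"]
        elif ev.get("EventID") == PROCESS_CREATE:
            writer = dropped.get(ev["Image"].lower())
            if writer is not None:
                alerts.append({"rule": "executes_dropped_exe", "dropper": writer, "image": ev["Image"]})
    return alerts


def run_all(events):
    return (detect_defender_tampering(events)
            + detect_run_key_persistence(events)
            + detect_dropped_exe_execution(events))


# Constructed sample stream: dropper writes and runs a second stage, the second
# stage disables Defender monitoring, the dropper persists via a Run key.
# Paths and names are invented for the example.
_DROPPER = r"C:\Users\victim\Downloads\sample.exe"
_STAGE2 = r"C:\Users\victim\AppData\Local\Temp\healer.exe"
SAMPLE_EVENTS = [
    {"EventID": FILE_CREATE, "Image": _DROPPER, "TargetFilename": _STAGE2},
    {"EventID": PROCESS_CREATE, "Image": _STAGE2, "ParentImage": _DROPPER},
    {"EventID": REGISTRY_VALUE_SET, "Image": _STAGE2,
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"},
    {"EventID": REGISTRY_VALUE_SET, "Image": _STAGE2,
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableBehaviorMonitoring", "Details": "DWORD (0x00000001)"},
    # Benign: policy refresh re-enabling monitoring (value 0) must not fire.
    {"EventID": REGISTRY_VALUE_SET, "Image": r"C:\Windows\System32\gpupdate.exe",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"},
    {"EventID": REGISTRY_VALUE_SET, "Image": _DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    # Benign: process start of a file nothing in this stream wrote.
    {"EventID": PROCESS_CREATE, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for alert in run_all(SAMPLE_EVENTS):
        print(alert)
```

The Defender rule deliberately requires the written value to be 1: an administrator or Group Policy refresh writing 0 to the same value is a benign event and should not alert. The dropped-EXE rule depends on event order, so feed it a stream sorted by timestamp when using real Sysmon exports.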

MITRE ATT&CK Enterprise v15
