General

  • Target

    779e567905af383de5280f0257c493124887efe6b2b0570dbe648bbe9619cf7a

  • Size

    695KB

  • Sample

    241110-dl218ayblj

  • MD5

    a8ce422b604bf966ff551cdae918df1e

  • SHA1

    4254f6990b3a8a5a6a5df31bd6a214b957f45560

  • SHA256

    779e567905af383de5280f0257c493124887efe6b2b0570dbe648bbe9619cf7a

  • SHA512

    1fbaea554de1d0c7496e9782bc5994ed229e6db8051e5b4c02ed51a2d82ef12be86f1561d1295929d013fb424eef167243f079c7f7a598735c10b8603aae4e79

  • SSDEEP

    12288:Ay902ddFjT6ZiFLo5SUgVKCeuNjRvN02WNUR5zLkkxvKhAOtBIp:AyjddvdfV7PNjRVhWNe5zLkKvw/Ip

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks