General

  • Target

    8aa1b8656ce1a83bbfd316f755761fc0d74ddb66a972c9b74d5bc64f319e791b

  • Size

    1.3MB

  • Sample

    241111-gf7w3atgkj

  • MD5

    e2008e27badfc2ee5e267bb2174a28c0

  • SHA1

    bb3c35b75f24aa4dddae6ce60a6407b291937c8f

  • SHA256

    8aa1b8656ce1a83bbfd316f755761fc0d74ddb66a972c9b74d5bc64f319e791b

  • SHA512

    be27672c2d3e88cef86ae9482742b96bc3fe53490e6c3a351e31c3a542f559cc1011816434ec1aa97bacefce7c8672126fb329d03667216cb34fb2d0c7063512

  • SSDEEP

    24576:qIKq5dNtV7We2GWqerZwO7Fk8YxeU5F8Si5LO+rImHhAs4ew2Hk4Q:qI/NKeU1ZwO+eUv8Sima5u4

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks