General

  • Target

    124fea01f1b5265689c99702e0656895d1ed6654534223fc3b85114175083663N

  • Size

    942KB

  • Sample

    241111-ggt2latkcy

  • MD5

    78afcb17c77262b6b6666c2d4b102230

  • SHA1

    33240ba6b7da465306afdd0308f7b58230329861

  • SHA256

    124fea01f1b5265689c99702e0656895d1ed6654534223fc3b85114175083663

  • SHA512

    73b522427537f06771c158a0035c31d88e47d86f803626321c206431e83289dffbf73ea6d16400515a2c9b3ab872a35b41a376b7bff5754df52a09546cb226a5

  • SSDEEP

    24576:iyKm/eLOFQzXXLYHLtXuponrptOmVQGDu8KDRY:J3xFw0xuporpWGWl

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks