General

  • Target

    5126723ec38dbdf0ff563759711be3a5d26acc403e35c6a0196c81c5acd9cfe7

  • Size

    480KB

  • Sample

    241111-ghfklatkdt

  • MD5

    32072f8ad740036a5c8149b5597fd07b

  • SHA1

    fb34b003132bcf7c0b540ec90d66b8e3aa1c81a2

  • SHA256

    5126723ec38dbdf0ff563759711be3a5d26acc403e35c6a0196c81c5acd9cfe7

  • SHA512

    669bf36e7fa74527e0b8e74a3b18f62c806e77692bb01d0c3a1422bd299590113533e791212c998063ed8c60d6b57ba8ea3284c534f9be719e34184ca6e9d275

  • SSDEEP

    12288:kMrxy90e1X6EGyuPqvdCRSkRYOLDbARn1i+Ozx:lyl6EGvgdCR5RYkIEN

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks