General

  • Target

    9913dfab77429022f64e804858753d98a149933028349e834d91841afc08db7c

  • Size

    935KB

  • Sample

    241111-ghg4esvbpc

  • MD5

    92822520ff16b9850b7489432ce8d50f

  • SHA1

    bc936ed8a4ddc0203d8bf11ebab3c34bf8c60f16

  • SHA256

    9913dfab77429022f64e804858753d98a149933028349e834d91841afc08db7c

  • SHA512

    4fd275b058ae98bfaad94703643d400ce6cf8f8b22db359c2a065b66afbc2030e6b0eaaca98d2f249ce1670579bbd48504db097980bd474ae39c5351e94de505

  • SSDEEP

    24576:UyTFJ9CQ+CuPoel+CJcEyAUbaw/pdNzuItVP9U25F:jTFJ2BPD+yUWmjl3P9b

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks