General

  • Target

    a29f6ebdf80db75131941a65c003f7d4e8d7c4e72edca947d9a74916ce282d75

  • Size

    922KB

  • Sample

    241111-gjw9qsxnfr

  • MD5

    9dedc03a45e49c5eec02c5cb97727af1

  • SHA1

    f301612e7768fc1489d583cfa7a26b62635d0dde

  • SHA256

    a29f6ebdf80db75131941a65c003f7d4e8d7c4e72edca947d9a74916ce282d75

  • SHA512

    7212f31120f21ea8a5184d1bf4d84270205d9465a4e7fa64b771c7d695fc69f5b5d8db014ffb50d8c442f49f2f119e8b9774c00fe8cfd234abad30d088506cf8

  • SSDEEP

    24576:zyDzTBqTsPQt8Ohg0DFUobqcViRzhpZFgu+2g:GDks4t8OfpgRzfZn

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15