General

  • Target

    19f5a9b950d9469e4d3fdd4161f7632a192f5f6e2788584d5121f02d08f8f11eN

  • Size

    943KB

  • Sample

    241111-gm6btaxpbp

  • MD5

    b58e9b97a201ade79b947f1536bcea30

  • SHA1

    3e3908609dc67480803cbe4ffb8f563249f752da

  • SHA256

    19f5a9b950d9469e4d3fdd4161f7632a192f5f6e2788584d5121f02d08f8f11e

  • SHA512

    03f6ce080308dc505f44b49ea0c08ae557dc700423ca57dba26e13a500d74b888d8504a7603e5d6260f1fee852bdc42365a272d7c34be20cdd5f8916435fa887

  • SSDEEP

    12288:my90kb0ebql9QLAYJWtq3bfvwwktQunTDlyPBxcBIGSSWNnH2yNd4xzeg4pm:myL05lsAb4bwr9JOiOYwbsK3pm

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
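
The three host-level behaviours flagged above (Defender real-time protection settings modified, a dropped EXE executed, a Run key added) are the ones a responder can verify directly on a suspect machine. The script below is an added example, not part of the sandbox report or of any Triage tooling: run from an elevated PowerShell session, it checks the Defender real-time protection policy values that "antivirus disabler" droppers typically flip, confirms the live Defender state with Get-MpPreference, then enumerates the HKLM/HKCU Run keys and hashes each autostart binary against the SHA256 from this report. The policy and Run-key paths are the documented Windows locations; the assumption that a match on exactly these values indicates this sample is the author's, since the report does not list the specific registry writes.

```powershell
# Added example (not from the sandbox report): host triage for the
# Defender-tamper and Run-key behaviours listed above. Requires an elevated
# session on the suspect host.

$iocSha256 = '19f5a9b950d9469e4d3fdd4161f7632a192f5f6e2788584d5121f02d08f8f11e'

# 1. Defender real-time protection policy. None of these values exist on a
#    default install, so any of them present and set to 1 is worth escalating.
#    (Assumption: the sample writes these values; the report only names the behaviour.)
$rtpPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
             'DisableIOAVProtection'
if (Test-Path $rtpPolicy) {
    $p = Get-ItemProperty -Path $rtpPolicy
    foreach ($v in $rtpValues) {
        if ($p.PSObject.Properties[$v] -and $p.$v -eq 1) {
            Write-Warning "Defender policy tamper: $rtpPolicy\$v = 1"
        }
    }
}

# Live state, independent of whether the policy key was used.
$mp = Get-MpPreference
if ($mp.DisableRealtimeMonitoring) { Write-Warning 'Defender real-time monitoring is currently disabled' }

# 2. Run-key persistence: list each autostart, resolve its executable and
#    hash it. A dropped copy may not hash-match the original sample, so an
#    unfamiliar path in a user-writable location is a finding on its own.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }      # provider metadata, not a value
        $cmd = [string]$prop.Value
        # Executable is either the quoted first token or the first whitespace-delimited token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $hash = if (Test-Path -LiteralPath $exe) {
            (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
        } else { '<missing>' }
        $flag = if ($hash -eq $iocSha256) { '  <-- matches report SHA256' } else { '' }
        '{0}\{1} -> {2} [{3}]{4}' -f $k, $prop.Name, $cmd, $hash, $flag
    }
}
```

Registry reads under HKLM need an elevated session; Get-MpPreference needs the Defender module, which is present on any Windows 10/11 host with Defender installed. Because Healer-style droppers disable protection before the stealer payload runs, an empty policy key does not clear the host: also check Defender's operational event log and the WMI/scheduled-task autostarts that the script does not cover.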

MITRE ATT&CK Enterprise v15

Tasks