General

  • Target

    06b135f8ef02753255a52a25873ee14e8303dfa72108708cc6ccadfd29bf188f

  • Size

    923KB

  • Sample

    241111-gm9dgathkj

  • MD5

    3792ee874ba70e8fb92793779faa80eb

  • SHA1

    b70e78b692b16d8303cd8dc536f5d01b9f23a9cc

  • SHA256

    06b135f8ef02753255a52a25873ee14e8303dfa72108708cc6ccadfd29bf188f

  • SHA512

    ff0a515d205c323a9e52fb64ce3d5b84a2c4475c1cdf0e8a973743eb6c2b16695d1105679a2a881b73cbcd9909d3ff3bd08f259f9a9f24a0e928e4384851bf75

  • SSDEEP

    24576:5yK96KQhGSAOSz50wV3fDfvfxQKprh26Q+i:ss/WGZNf5LZlpYS

Targets

    • Target

      06b135f8ef02753255a52a25873ee14e8303dfa72108708cc6ccadfd29bf188f

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper: it tampers with Windows Defender settings before dropping and running its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
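The three behavioural signatures above (Defender real-time protection tampering, Run-key persistence, execution of a dropped EXE) are the ones a detection engineer would want to reproduce outside the sandbox. The following is an added example, not code from the report or from the sandbox vendor: a small Python rule set run over constructed, simplified Sysmon-style events (EventID 13 = registry value set, EventID 1 = process create). The event dictionaries, file paths and value names are assumptions made for the example; the Defender policy value names (DisableRealtimeMonitoring, DisableBehaviorMonitoring) are real registry values, and the "user-writable path" heuristic for the dropped-EXE rule is an approximation used because the example has no file-create events to correlate.

```python
import re
from dataclasses import dataclass

# Paths an unprivileged process can write to; a process launched from here by a
# parent also running from here is treated as "executes dropped EXE" (heuristic).
USER_WRITABLE = re.compile(
    r"^[A-Za-z]:\\(Users\\[^\\]+\\AppData\\|Users\\Public\\|ProgramData\\|Windows\\Temp\\)",
    re.IGNORECASE,
)
# Defender real-time protection policy values; a non-zero DWORD disables the feature.
DEFENDER_RTP = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(Disable[A-Za-z]+)$", re.IGNORECASE
)
# Autostart value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$", re.IGNORECASE)
# Sysmon renders DWORD data as "DWORD (0x00000001)".
DWORD = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


@dataclass
class Finding:
    rule: str
    image: str
    detail: str


def dword_value(details):
    """Return the integer value of a Sysmon DWORD 'Details' string, or None."""
    m = DWORD.search(details or "")
    return int(m.group(1), 16) if m else None


def analyze(events):
    """Apply the three rules to a list of event dicts and return findings in order."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 13:  # registry value set
            target = ev.get("TargetObject", "")
            m = DEFENDER_RTP.search(target)
            if m:
                val = dword_value(ev.get("Details"))
                if val:  # non-zero => protection disabled; 0 re-enables and is ignored
                    findings.append(Finding("defender_rtp_tamper", image, f"{m.group(1)}={val}"))
                continue
            m = RUN_KEY.search(target)
            if m:
                payload = ev.get("Details", "")
                sev = "high" if USER_WRITABLE.match(payload) else "medium"
                findings.append(Finding(
                    "run_key_persistence", image,
                    f"{m.group(1)}\\{m.group(2)} -> {payload} [{sev}]"))
        elif eid == 1:  # process create
            parent = ev.get("ParentImage", "")
            if USER_WRITABLE.match(image) and USER_WRITABLE.match(parent):
                findings.append(Finding("dropped_exe_execution", image, f"parent={parent}"))
    return findings


# Constructed sample events (assumption: not taken from the sandbox report).
DROPPER = r"C:\Users\victim\AppData\Local\Temp\dropper.exe"
PAYLOAD = r"C:\Users\victim\AppData\Roaming\svc\updater.exe"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPER, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Image": DROPPER, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring"},
    {"EventID": 13, "Image": DROPPER, "Details": PAYLOAD,
     "TargetObject": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": DROPPER},
    # Benign noise: policy value reset to 0, and a normal program launched from explorer.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 1, "Image": r"C:\Program Files\Vendor\app.exe", "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS):
        print(f"{f.rule:24} {f.image}  {f.detail}")
```

On the constructed input the rules fire four times, in event order: two Defender tamper findings, one high-severity Run-key finding (the autostart target lives under AppData), and one dropped-EXE execution; the two benign events produce nothing. In production the dropped-EXE rule should be replaced by a real correlation of Sysmon EventID 11 (FileCreate) with a later EventID 1 for the same path.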

MITRE ATT&CK Enterprise v15