General

  • Target

    e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316

  • Size

    690KB

  • Sample

    241111-gne61svcld

  • MD5

    82a2197f0d0d06f2ab360e93ba9bfe48

  • SHA1

    0167e5375beed3137d43c471cc2f25d955ebd8f3

  • SHA256

    e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316

  • SHA512

    ce9feded8c19d1ad219f4076289c68266bcae59acd55c08de6176b090311a256fa4a8cd1d68f445251e81cfb0663793587f84cf1c82dfcb4ab1108b7eacd7f90

  • SSDEEP

    12288:Xy90Rd8Lp85MmT0MVXDhPEpOY+d7eNOuJOKw3ls2VBaFl6Cie0+oJHhHnR7:XyM285loMfPKSdVLKWy2YJil+othx7

Malware Config

Targets

    • Target

      e85ceb1ea04bb5f794abadcbb290d7336ca87b56e3c9beeb9d802fe1a96f7316

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer, an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
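
The three behavioural signatures above (Windows Defender real-time protection modified, a dropped EXE executed, a Run key added) are the ones a responder would want to confirm from endpoint telemetry. The following is an added example, not part of this sandbox report and not code from the Healer or RedLine authors: a small triage routine that classifies registry-write events of the kind Sysmon Event ID 13 records (TargetObject plus Details), tagging Defender real-time-protection tampering and Run-key persistence. The value names, key paths and the sample events are assumptions constructed for the example; the report itself does not list the exact keys the sample touched.

```python
"""Classify registry writes for the behaviours this report flags:
Defender real-time-protection tampering and Run-key persistence.
Added example; the event list is constructed, not taken from the run."""
import re

# Value names that, when set to 1, switch off Defender protection features.
# Assumption: exact value-name match, as Sysmon logs the last path component.
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
    "DisableAntiSpyware",
}

# Policy key or product key, with or without the Real-Time Protection subkey.
DEFENDER_KEY_RE = re.compile(
    r"\\(SOFTWARE\\Policies\\Microsoft\\Windows Defender|"
    r"SOFTWARE\\Microsoft\\Windows Defender)(\\Real-Time Protection)?$",
    re.IGNORECASE,
)

# Per-user or per-machine Run / RunOnce, including the WOW6432Node view.
RUN_KEY_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)


def classify(target_object: str, details: str) -> list:
    """Return tags for one registry write.

    target_object: full key\\value path as Sysmon records it.
    details: the written data, e.g. "DWORD (0x00000001)" or an exe path.
    """
    key, _, value_name = target_object.rpartition("\\")
    tags = []
    if DEFENDER_KEY_RE.search(key) and value_name in DEFENDER_DISABLE_VALUES:
        # Only a value of 1 disables the feature; 0 is a benign reset.
        if details.strip().upper() in ("DWORD (0X00000001)", "1"):
            tags.append("defender_rtp_disabled")
    if RUN_KEY_RE.search(key):
        tags.append("run_key_persistence")
    return tags


# Constructed events in (TargetObject, Details) form; not from the sandbox run.
SAMPLE_EVENTS = [
    ("HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
     "\\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    ("HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware",
     "DWORD (0x00000001)"),
    ("HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
     "C:\\Users\\Public\\updater.exe"),
    # A reset to 0 and an unrelated Explorer setting should not be flagged.
    ("HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
     "\\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
    ("HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "DWORD (0x00000001)"),
]


def triage(events) -> list:
    """Return [(target_object, tags)] for every event that earned a tag."""
    hits = []
    for target, details in events:
        tags = classify(target, details)
        if tags:
            hits.append((target, tags))
    return hits


def verdict(events) -> str:
    """Summarise: both tampering and persistence together match this report."""
    seen = {tag for target, details in events for tag in classify(target, details)}
    if {"defender_rtp_disabled", "run_key_persistence"} <= seen:
        return "defender tampering + run-key persistence"
    if seen:
        return ", ".join(sorted(seen))
    return "no matching behaviour"


if __name__ == "__main__":
    for target, tags in triage(SAMPLE_EVENTS):
        print(f"{', '.join(tags):32} {target}")
    print("verdict:", verdict(SAMPLE_EVENTS))
```

Feeding real Sysmon or EDR registry events through `classify` gives a first cut at the two signatures without relying on the sandbox's own names; the dropped-EXE execution is better confirmed from process-creation events (parent/child with the dropped path), which this routine does not cover.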

MITRE ATT&CK Enterprise v15

Tasks