General

  • Target

    159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87

  • Size

    936KB

  • Sample

    241111-gngpvaxpck

  • MD5

    45f3fc7c1e2fa3a444c1afcc05eec9f4

  • SHA1

    d34285f3725df33f4a43d3f09e4ca4e522039b02

  • SHA256

    159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87

  • SHA512

    32d8b1f7ec29ed4c0f422eb89417ba1cbb3c8973f1f40b39e4ec031407d0e95be38630708a1d5adc057fd2f48656d28e8c024228424c9e420ec960dcb02c37e9

  • SSDEEP

    24576:QyS6YuVgA1qLcGVisfHP1FSpBrCsX/074E:XS2VTGNfvfSrHc

Malware Config

Targets

    • Target

      159d20917e497b3bbdb8c118aad1fadcdf665fcccaf2c42f867727238624ec87

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks