General

  • Target

    182adf87a70fdb2689464abbafbf96650afa0a206e51f50ce3732bd544dd7541.exe

  • Size

    746KB

  • Sample

    241111-gq4bmavcnf

  • MD5

    58650285e9433ac6726f8f145a49847d

  • SHA1

    2b21f837e830b660cdff8092e3d3fc2c3bf6e5b4

  • SHA256

    182adf87a70fdb2689464abbafbf96650afa0a206e51f50ce3732bd544dd7541

  • SHA512

    c9a52b12cabaca4c09071385545b7b63e02b3174d52636dcf2e20df22622b50141a5d76ff2e08a97dbbce546b211d05c248cc0daa1376aadb7386f7f5bbfe578

  • SSDEEP

    12288:9y90anU2UDA6w1dXSiY7ywxypAniaMZJtE9Nk2JF8f0F88udRojdqePZhOktNmo2:9yCTDA6wviilvpgiaM5ENFqTIhvP+kON

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
