General

  • Target

    dda2f7a4dc61593f572c743c4eecebfe3b5fb55ffea2844fb40372245f23e7be

  • Size

    920KB

  • Sample

    241111-grfa7axpgq

  • MD5

    dbce3f9c7d5e42a12eacda776b1a49e5

  • SHA1

    75e1b7da2fef79a56569ef71af1c3f9e2b9a04de

  • SHA256

    dda2f7a4dc61593f572c743c4eecebfe3b5fb55ffea2844fb40372245f23e7be

  • SHA512

    948436372d17c79a18d7c429d0ba7de7b2312a13dbeb0d48150f657543f1ac24058eb332c4dbb248eed56c81af618d6785bea3319c064801d41433e82c7fa8de

  • SSDEEP

    24576:5ykDT/+6YwM96hRS+T75xsa3KLcfrhelXFWsYqtuGx6FCGU:skHozEvLD7telXFzK

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks