General

  • Target: 0a19a37d123da07bad53c7375d42f3a7beb8de37fdf623c39746e12e3924a1c6
  • Size: 618KB
  • Sample: 241111-grl4qsxphj
  • MD5: b137bba1dec0950fc638ffb15d16a48b
  • SHA1: 5f625d3fa5f61cd90b5c832db0935316bfff8772
  • SHA256: 0a19a37d123da07bad53c7375d42f3a7beb8de37fdf623c39746e12e3924a1c6
  • SHA512: 9fb80425f7cff2dcba6bda5827a67d985e069dd485f16b504399aceab4c9335cba9ed6b3b3d08f819a0335f15f0e876f5cd7692710d4c2e9992177d748a12efc
  • SSDEEP: 12288:5y903kBYcascY4oK92m1UqB/f8aKeRlcwNP5OQIw2DDZBPui:5yukBYVPX9xBn8hOAL1pt

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
