General

  • Target

    d241c3ee3226b473ce781e6640d3c24944ed93e186e357bf4d73f4eebace3453

  • Size

    1.3MB

  • Sample

    241111-grnmkatldw

  • MD5

    94a4ffea38725bd3e209ef688e0c6be8

  • SHA1

    d08b4d9b5a76baea58069ba6c63aedfefbdb9bb7

  • SHA256

    d241c3ee3226b473ce781e6640d3c24944ed93e186e357bf4d73f4eebace3453

  • SHA512

    23511277f57334de76a9062c88d87282df7df74be31467a915fbf01c4eb81f68d8a5061514933cd59f649e4f705d6cfb1b3e9f4808a9684157e6c8d13b36db79

  • SSDEEP

    24576:TysEziN50opohiUnAig8+DAPxVjP/SaJMqlbrZrGga:msd01lt2exVjPKaiql

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
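
The two persistence and defence-evasion signatures above ("Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application") are the ones most worth re-checking on a live host or in a registry-write event feed. The following is an added example written for this page, not code from the sandbox or from the report; it runs a minimal version of those two checks over a handful of constructed registry-write events shaped like a Sysmon Event ID 13 or sandbox registry log. The report does not say which Defender values the sample wrote, so the value names used are the well-known Windows Defender Real-Time Protection policy values and the standard Run/RunOnce keys, not values extracted from this sample; the process names, paths and event contents are invented for the example.

```python
import re

# Well-known Windows Defender Real-Time Protection policy values. Writing 1 to
# any of these switches the corresponding protection off. The report does not
# list which of them this sample touched; these are the standard names.
DEFENDER_RTP_KEY = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection$", re.IGNORECASE)
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}

# Run / RunOnce autostart keys under HKCU or HKLM.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)

# Directories a dropper typically stages its payload in before persisting it.
USER_WRITABLE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed sample events (not the events recorded for this sample):
# image = writing process, key = registry key, value = value name, data = data.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableBehaviorMonitoring", "data": 1},
    {"image": r"C:\Users\user\AppData\Roaming\upd.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "upd", "data": r"C:\Users\user\AppData\Roaming\upd.exe"},
    # Benign: an unrelated Winlogon write, not covered by either rule.
    {"image": r"C:\Windows\System32\svchost.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "value": "Shell", "data": "explorer.exe"},
    # Benign: Defender itself re-enabling protection (data 0), must not fire.
    {"image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 0},
]


def classify(event):
    """Return the detection tags one registry-write event matches (empty if none)."""
    tags = []
    key, value, data = event["key"], event["value"], event["data"]
    # Only a write of 1 disables protection; a write of 0 restores it.
    if DEFENDER_RTP_KEY.search(key) and value in DEFENDER_RTP_VALUES and data == 1:
        tags.append("defender_realtime_protection_disabled")
    if RUN_KEY.search(key):
        tags.append("run_key_persistence")
        # A Run entry pointing into a user-writable directory is the
        # dropper pattern; a Run entry for Program Files is far more often benign.
        if isinstance(data, str) and USER_WRITABLE.search(data):
            tags.append("run_key_points_to_user_writable_path")
    return tags


def scan(events):
    """Run classify() over an event list and return (tag, event) pairs."""
    return [(tag, ev) for ev in events for tag in classify(ev)]


if __name__ == "__main__":
    for tag, ev in scan(SAMPLE_EVENTS):
        print(f"{tag:42} {ev['image']}  {ev['key']}\\{ev['value']} = {ev['data']!r}")
```

On a real feed, replace SAMPLE_EVENTS with parsed Sysmon Event ID 13 records (or the sandbox's registry log) and treat the Defender rule as high confidence only when the writing process is not Defender or Group Policy itself; the data == 1 check matters because the same value name is written with 0 when protection is turned back on.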

MITRE ATT&CK Enterprise v15

Tasks