General

  • Target

    aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220

  • Size

    828KB

  • Sample

    241111-gt4rkaxqbp

  • MD5

    194d6c13e6d617cfd4c3f33e02ab3f1e

  • SHA1

    0c984484f120893ddcceb774e41b01781bb4ff19

  • SHA256

    aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220

  • SHA512

    9acdfc8a44ce9fe1d62339dde1f7567664eac2da1197cc9e9cdcb56be6459a4069663268e7102ad7e2f561720f1a4eda2f7510fb8f381d14aa62125dfe99a4f5

  • SSDEEP

    24576:PyBEnb0A2Mo8R1vmEQ4n7Pxe4AmLSWOr3x:aBib0zkvnnDxkm+
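
Before detonating or sharing a file believed to be this sample, recompute its digests and compare them with the values listed above. The following Python helper is an added example, not part of the sandbox report: it streams a file once through MD5, SHA-1, SHA-256 and SHA-512 and returns a verdict. The `REPORT_HASHES` values are copied from this page; the file contents used by `self_check()` are constructed stand-in bytes, so they do not (and must not) match. SSDEEP is not recomputed here because it needs the external ssdeep library; a match on MD5 or SHA-1 alone is reported as "partial" rather than "match", since those algorithms are collision-prone and should not be used to assert identity.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Digests copied from the General section of this report (the 828 KB target).
REPORT_HASHES = {
    "md5": "194d6c13e6d617cfd4c3f33e02ab3f1e",
    "sha1": "0c984484f120893ddcceb774e41b01781bb4ff19",
    "sha256": "aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220",
    "sha512": "9acdfc8a44ce9fe1d62339dde1f7567664eac2da1197cc9e9cdcb56be6459a40"
              "69663268e7102ad7e2f561720f1a4eda2f7510fb8f381d14aa62125dfe99a4f5",
}
ALGORITHMS = tuple(REPORT_HASHES)
# Only these count as proof of identity; MD5/SHA-1 have practical collisions.
STRONG = ("sha256", "sha512")


def _digest(chunks):
    """Feed every chunk to all four hashers in a single pass; return lowercase hex."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path, chunk_size=1 << 20):
    """Hash a file of any size without loading it fully into memory."""
    with open(path, "rb") as fh:
        return _digest(iter(lambda: fh.read(chunk_size), b""))


def hash_bytes(data):
    """Same digests for an in-memory buffer (e.g. a payload carved from a PCAP)."""
    return _digest([data])


def classify(digests, indicators):
    """'match' if a strong digest agrees with the indicator set, 'partial' if only
    weak ones do (collision or stale indicator: investigate), else 'no-match'."""
    hits = {a for a, v in indicators.items() if a in digests and digests[a] == v.lower()}
    if hits & set(STRONG):
        return "match"
    if hits:
        return "partial"
    return "no-match"


# Constructed stand-in content: this is NOT the analysed binary.
CONSTRUCTED_SAMPLE = b"constructed stand-in bytes; not the analysed binary\n" * 64


def self_check():
    """Write the constructed bytes to a temp file and hash them via hash_file()."""
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "stand-in.bin"
        p.write_bytes(CONSTRUCTED_SAMPLE)
        return hash_file(p)


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    digests = hash_file(target) if target else self_check()
    for name, value in digests.items():
        print(f"{name:7}{value}")
    print("verdict:", classify(digests, REPORT_HASHES))
```

Run it as `python verify.py <file>`; with no argument it hashes the constructed stand-in and reports "no-match", which is the expected result for anything other than the real sample.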

Targets

    • Target

      aa3b2910a03e9b76aa725348ea72f1d3551f86909739f234fc836b7962ed8220

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
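
The behavioural signatures above (Defender real-time protection tampering, a Run key added for persistence, execution of a dropped EXE) expressed as detection logic over host telemetry. This is an added example, not part of the sandbox report or the analysed sample: the events are constructed Sysmon-style records (event 11 FileCreate, 13 RegistryEvent SetValue, 1 ProcessCreate) with hypothetical paths and PIDs. The Defender value names are the policy values under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection; the report does not state which one this sample changed, so the rule fires on any of them being set to 1 and ignores a reset to 0. Registry paths are compared case-insensitively because Sysmon writes user hives as HKU\<SID> while other tools write HKCU.

```python
import re

# Registry locations behind the "Modifies Windows Defender Real-time Protection settings"
# and "Adds Run key to start application" signatures.
DEFENDER_RTP_KEY = "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring", "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable", "DisableIOAVProtection",
}
RUN_KEY_FRAGMENTS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".scr", ".com")

# Constructed Sysmon-style events (hypothetical paths and PIDs; not captured from the sample).
EVENTS = [
    {"id": 11, "pid": 4120, "image": "C:\\Users\\user\\Desktop\\setup.exe",
     "target": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"},
    {"id": 13, "pid": 4120, "image": "C:\\Users\\user\\Desktop\\setup.exe",
     "target": DEFENDER_RTP_KEY + "DisableRealtimeMonitoring", "details": "DWORD (0x00000001)"},
    {"id": 13, "pid": 4120, "image": "C:\\Users\\user\\Desktop\\setup.exe",
     "target": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "details": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"},
    {"id": 1, "pid": 5008, "ppid": 4120, "image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"},
    # Benign counter-example: re-enabling real-time protection (value 0) must not fire.
    {"id": 13, "pid": 900, "image": "C:\\Windows\\System32\\svchost.exe",
     "target": DEFENDER_RTP_KEY + "DisableRealtimeMonitoring", "details": "DWORD (0x00000000)"},
]

_DWORD = re.compile(r"DWORD \(0x([0-9A-Fa-f]{1,8})\)")


def parse_dword(details):
    """Sysmon renders REG_DWORD data as 'DWORD (0x00000001)'; return the int or None."""
    m = _DWORD.fullmatch(details or "")
    return int(m.group(1), 16) if m else None


def detect(events):
    """Return (rule, image, detail) findings in event order.

    dropped_exe_executed needs state: an executable is 'dropped' when a FileCreate
    for it is seen, and flagged when a later ProcessCreate runs that same path."""
    findings = []
    dropped = {}  # lowercase path of a written executable -> pid of the writer
    for ev in events:
        path = (ev["image"] if ev["id"] == 1 else ev["target"]).lower()
        if ev["id"] == 11 and path.endswith(EXECUTABLE_SUFFIXES):
            dropped[path] = ev["pid"]
        elif ev["id"] == 13:
            key, _, value_name = ev["target"].rpartition("\\")
            if ((key + "\\").lower() == DEFENDER_RTP_KEY.lower()
                    and value_name in DEFENDER_RTP_VALUES
                    and parse_dword(ev.get("details")) == 1):
                findings.append(("defender_rtp_disabled", ev["image"], value_name))
            if any(frag in path for frag in RUN_KEY_FRAGMENTS):
                findings.append(("run_key_persistence", ev["image"], ev.get("details")))
        elif ev["id"] == 1 and path in dropped:
            findings.append(("dropped_exe_executed", ev["image"], dropped[path]))
    return findings


if __name__ == "__main__":
    for rule, image, detail in detect(EVENTS):
        print(f"{rule:24}{image}  ->  {detail}")
```

The Run key rule deliberately reports the value data (the path being persisted) rather than only the key, so an analyst can pivot straight to the dropped file; in a real pipeline the same `dropped` map would be keyed per host.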

MITRE ATT&CK Enterprise v15