General

  • Target

    32e960666e4ba91cd0169245efa699f95129f2037fd870de81e690d453a8ee28

  • Size

    566KB

  • Sample

    241111-gttxcsvcrg

  • MD5

    a7a5739d1b0afc246ae044a79fa33f7d

  • SHA1

    472c6b89a2bd4022aa9565333f2c297236f9ffcd

  • SHA256

    32e960666e4ba91cd0169245efa699f95129f2037fd870de81e690d453a8ee28

  • SHA512

    c42abddbc4d66fdb5a3321aa93ec3917bea67dec8f8e6cbbe9b858cc50f29bdfb9ec3232be2d25d771feb456b33300e93353cd00f6ecf497e25c39f2a83baa90

  • SSDEEP

    12288:3y90mQXyFwa+if93p4bAnf4F5XIEydBA3Ou7MEi7:3ywXg+if93p4bi4F5XIE2iw

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
