General

  • Target

    6f7a4ee9285ba59759f85e793b2c32ee0cdc494f1b62ddfc4f12b8cebf06de61

  • Size

    563KB

  • Sample

    241111-gwdcdsvdkg

  • MD5

    749b5ca141b359e894284cd872179958

  • SHA1

    686f5225c4692b0d46fa1fe4db61644435891b49

  • SHA256

    6f7a4ee9285ba59759f85e793b2c32ee0cdc494f1b62ddfc4f12b8cebf06de61

  • SHA512

    a77928f58226e7ce3fa2e9cc8add4089778057100e976583ef9e0a5da6ce3dc27cb8d4950363933c46fcc431729b9270279c4b00b9c940e3aff59bd2be8a760c

  • SSDEEP

    12288:Py90yF4QdYf5dcIDI3NjLguPMCzbZa5WpPIclk7I:PyVF4j5SYI3N3gAaqPNh

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks