General

  • Target

    7d5fe19bb7b07601bec773178ea422a6553db8f625a18b992f9b8141ca961d13N

  • Size

    765KB

  • Sample

    241111-hlq16sylcj

  • MD5

    32e9d2d33db997529ce9d814a53f4570

  • SHA1

    a2280198ee61bfce6d5e661a34783dc4cebfc9b3

  • SHA256

    7d5fe19bb7b07601bec773178ea422a6553db8f625a18b992f9b8141ca961d13

  • SHA512

    b24e17547e32a6627a3a0a02a047ad8d957449bbf3ec6573c27aa5e1b3d5c7cd023acfab267646ab5e55998555e745304ce84e5008061591a935a9a999b2406d

  • SSDEEP

    12288:Ly90zFOle+7anWM7VnCbtWLrUZhKd4wT3nU/IHL+rfUWHyh1RFFT5:LyZeGiWxCrymLTE/IryfUoyh9H

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
