General

  • Target

    f1037ddebbc61250d0820a9ce88c185ed5c86a97f524fb5e2ee2c561a22f642b

  • Size

    827KB

  • Sample

    241111-hptlgatrdy

  • MD5

    80d8920dad2348236833d9ce8958091e

  • SHA1

    a336eaa0f5f244ca591ac209d395da74a04d4368

  • SHA256

    f1037ddebbc61250d0820a9ce88c185ed5c86a97f524fb5e2ee2c561a22f642b

  • SHA512

    53e7d3a18030dc49f5f426a7fb459b65d4524cdebd0504e1fbf545129cf6bc49c9942283da237ad9d381442df399a635a70021115d4d94bd6f809c9ecf8de777

  • SSDEEP

    24576:PyQVRvivwKmgu4e5QAau5D7Fl5JlzGDsLcYlS3R:aQHvivwKm/4e5QAa0F5lzqGcYlm

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks