General

  • Target

    7b869c28b17af53b6f8e43e156575c8079ad9cf164bb68a2c978ef768049bb16

  • Size

    727KB

  • Sample

    241111-hsv9gaymbp

  • MD5

    f04bfa8dbf01b0419df4d6c1bfbd4f13

  • SHA1

    7d55a74aca424189c66e37affb2033ecb59a30c7

  • SHA256

    7b869c28b17af53b6f8e43e156575c8079ad9cf164bb68a2c978ef768049bb16

  • SHA512

    f5797c879a4d7df5405675cebc51ab11a3842c514188cde6b2f81bec79b09e042e141a0b35bc74446891978d5024053c2ef4d788651b85c72120e83bf0a0122f

  • SSDEEP

    12288:qy90t7G+s8EQ97wSvq42kPdK3bXMU/LJCGnk69OXzuDrIPEQ1owP0BGHybk:qy0qLZQ97wSvqbQEbXMoJZnktXiDriEG

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks