General

  • Target

    82f7aa39e2b30b395d9b4df172f054756171f7328d99d519bef4169e3746e02d

  • Size

    563KB

  • Sample

    241111-hteccaymcm

  • MD5

    ec36c8d3c68a9fe9b7dbeacb36218694

  • SHA1

    9c11ce12f4630d8b7549206a6b141544c63c1cd1

  • SHA256

    82f7aa39e2b30b395d9b4df172f054756171f7328d99d519bef4169e3746e02d

  • SHA512

    43337db21fed7e086b3d5b55dec4ce172263bf7755c634fbcc628b4394f4a976d967948c99442b82bbe81a3910d976780b82503e9d003b336c4caf0d42a1a9ba

  • SSDEEP

    12288:Ky90JEyvh73XGGOwKIyKm4ZDIUDVhMH2z8Cei/KDnfKI/J:Kyjwh7nGxDkDIsXy2oI/KDfB/J

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks