General

  • Target

    89d94b70a02777a3daab38fd51cd7b0ca8794dc9f0dee0a39c7526c9cdcecfbe

  • Size

    541KB

  • Sample

    241114-31788avhrd

  • MD5

    7e866cfc6c87b9b8fa880113d4830c36

  • SHA1

    9045b60cc882344026fc0bd3685125445acba8ed

  • SHA256

    89d94b70a02777a3daab38fd51cd7b0ca8794dc9f0dee0a39c7526c9cdcecfbe

  • SHA512

    fb746d2451f43a0fcacaa6ec822c83d956d5cebfda6e606b8be83460203fd1d7c554cd419f48093e493a319384a26d8b71d5e2db8fb6b2d8a0ec2d100ed6d6f0

  • SSDEEP

    6144:Yap0yN90QEoCnjH7wsjEWpYvmJ/ByhTSgt1f4JCe6x0tWeEcxuBmPQko81FeZYrZ:My90iuwoTpYGAFQ8e6uYeEcYIqUCQqC

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks