General

  • Target

    9ba030c11e810ad2700465f53a7ad60478e9e14a7b4e3e14e861c5c3decebfdc

  • Size

    706KB

  • Sample

    241115-aypd4swclg

  • MD5

    369113b0c7c805a580f01854599f65f0

  • SHA1

    32d401cdaf50173721cbbb8cfffa8d2cae67565b

  • SHA256

    9ba030c11e810ad2700465f53a7ad60478e9e14a7b4e3e14e861c5c3decebfdc

  • SHA512

    6bd9114c260795a5dccad3e1faef3a5d57498e4da67e9d155b7a4c2324e9b87d303350b013ea4f843865b45d7afdb03acbc16fc888397ae7b98257fd7467e06f

  • SSDEEP

    12288:fy90BrnZcQau+DSBzYLFhzQG08y2fgr9iUaOU31Tu5TC1rHm:fyYwBaYLFi12XUaXMhaG

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks