General

  • Target

    8c15502d0695900af97a105f335a12abf4bb2b1ac0dda5219e0689f0585c3850

  • Size

    569KB

  • Sample

    241122-catp2a1rds

  • MD5

    708ea47536d313e368916e66e1499c7c

  • SHA1

    6ef18031f7f5d2ffa575e5435a659a0a27ca84cd

  • SHA256

    8c15502d0695900af97a105f335a12abf4bb2b1ac0dda5219e0689f0585c3850

  • SHA512

    29a9c6131594cd3a51c7a0ecea16b84ab9177766921bdd089b5f6a3ae30f2484a0c2a2a93b90ff04ab9915b256b43708329e22cb214cdcc0d3aee0566eaa9ad7

  • SSDEEP

    12288:8y90R4F3Z6H2Mod62y1k8mUOe8HIAY083E:8y3F3Z6dQ6L1kZUOe8HFSU

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
