General

  • Target

    5850c465b543b388ca8d5cb08c2c23d4327396f092efc0d1a23eccf241612e5c

  • Size

    787KB

  • Sample

    241104-q5kx9szhph

  • MD5

    22283c7ffe04ff5f19128d697ebf263d

  • SHA1

    e3d3eb7cbf98e04596eb30cb8e86eec65d98fbd3

  • SHA256

    5850c465b543b388ca8d5cb08c2c23d4327396f092efc0d1a23eccf241612e5c

  • SHA512

    cf3ffb5e7b367139a47818fb045d64ce0efdb90ad79076020bc23331185646f72dc8994d07c4c880e121245feb1ab8204f8c1e9871b8c24107cb715c5aa190d3

  • SSDEEP

    12288:py906cOjpO7M+oqf2Eg4mZ7Az9QGpaqNaNj3e2ckVxjMzo5sVH5AMjrn9Dz9Y:pyWNoz7Aza8kVxjMEGzjrn/Y

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks