General

  • Target

    b73ee08514f39450beded961656e8b302b2d40aeaaf92c184a34a9ebc16b6c07

  • Size

    727KB

  • Sample

    241104-q7gzdszme1

  • MD5

    0394aa19ca5e04fa810c13751993626e

  • SHA1

    d09be67003d7cfce522f53ce8441e4fa1e38bb0c

  • SHA256

    b73ee08514f39450beded961656e8b302b2d40aeaaf92c184a34a9ebc16b6c07

  • SHA512

    45497bc5d90342ed60d6d5100b779fde8b5df5686de270702f9a7b3e79c9ea46a6982956d06fa87b9b69f34f404dff9d7a896a546d35bbed1d196ac6371b8541

  • SSDEEP

    12288:Ky905yKbhfywfDpgyWAy95w5/5/he2hkcvhP3vUUXZBkPwDaWuiOr63c:KyiF1ywVgyWfs5/5/NScvh/jJowHuHR

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks