General

  • Target

    abb058cbee27b24a9e51c03ee4f66da2de85ccf69a93197f4dfd0f483d1aed6a

  • Size

    690KB

  • Sample

    241104-q9acbszmhy

  • MD5

    0a674110846b351a2d31927f43b596fe

  • SHA1

    0ef1a06fdc80972fcbb71525afda3870a6f7a6a3

  • SHA256

    abb058cbee27b24a9e51c03ee4f66da2de85ccf69a93197f4dfd0f483d1aed6a

  • SHA512

    2e4a4e27a6bd1e71166bf4d98928790de8f41b196685a9b52f5b603ef58b215d755b18ba883b90d0270a61afb2c27e9479a10675e59be952ad56667cc3ae643c

  • SSDEEP

    12288:qy90Z95/TKTtg6/7jH3IFBqB7ShtS4gnWO2VBrHlRCieb+f6a:qy45/ET/HHQQBx46Z2RsiM+fz

Malware Config

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is a dropper that disables antivirus protection (notably Windows Defender real-time protection) before delivering its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a credential- and data-stealing malware family written in C#, first seen in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
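The three behavioural signatures above (Defender real-time protection tampering, Windows security modification, Run-key persistence) are what a detection engineer would want to catch on a host that ran this sample. The block below is an added example, not part of the sandbox report and not code from either malware family: it runs two simple rules over constructed Sysmon-style registry-set events (Event ID 13 fields: Image, TargetObject, Details). The registry paths and value names are the standard Windows Defender policy values and the standard Run/RunOnce keys; the process paths, the SID and the event contents are constructed for illustration.

```python
"""Registry-event triage for the two behaviours flagged in the report:
Windows Defender real-time protection tampering (ATT&CK T1562.001) and
Run-key persistence (ATT&CK T1547.001).  Events are constructed here to
mimic Sysmon Event ID 13 (RegistryEvent: value set); they are not from the page."""
from dataclasses import dataclass

# Both locations Windows Defender honours for real-time protection settings.
DEFENDER_RTP_KEYS = {
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
}
# Value names that, when set to 1, switch off a real-time protection component.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Autostart keys under HKLM\SOFTWARE or HKU\<SID>\SOFTWARE.
RUN_KEY_SUFFIXES = (
    r"\microsoft\windows\currentversion\run",
    r"\microsoft\windows\currentversion\runonce",
)


@dataclass
class RegistryEvent:
    image: str    # process that wrote the value
    target: str   # full registry path including the value name (Sysmon TargetObject)
    details: str  # Sysmon Details field, e.g. "DWORD (0x00000001)" or a string payload


def split_target(target: str):
    """Split 'HKLM\\...\\Key\\ValueName' into (key, value_name), both lower-cased."""
    key, _, value_name = target.rpartition("\\")
    return key.lower(), value_name.lower()


def is_defender_rtp_tamper(ev: RegistryEvent) -> bool:
    """True when a Disable* value under a Real-Time Protection key is set to 1."""
    key, name = split_target(ev.target)
    if key not in DEFENDER_RTP_KEYS or name not in DEFENDER_RTP_VALUES:
        return False
    # Resetting the value to 0 re-enables protection and must not fire.
    return "0x00000001" in ev.details


def is_run_key_persistence(ev: RegistryEvent) -> bool:
    """True when a value is written directly under a Run or RunOnce key."""
    key, _ = split_target(ev.target)
    return key.endswith(RUN_KEY_SUFFIXES)


def triage(events):
    """Return (rule, writer_image, target) for every event that matches a rule."""
    findings = []
    for ev in events:
        if is_defender_rtp_tamper(ev):
            findings.append(("defender_rtp_tamper", ev.image, ev.target))
        elif is_run_key_persistence(ev):
            findings.append(("run_key_persistence", ev.image, ev.target))
    return findings


# Constructed sample events (hypothetical paths and SID, not taken from the report).
POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
SAMPLE_EVENTS = [
    RegistryEvent(r"C:\Users\user\AppData\Local\Temp\dropper.exe",
                  POLICY_KEY + r"\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    RegistryEvent(r"C:\Users\user\AppData\Local\Temp\dropper.exe",
                  POLICY_KEY + r"\DisableBehaviorMonitoring", "DWORD (0x00000001)"),
    RegistryEvent(r"C:\Users\user\AppData\Roaming\svc.exe",
                  r"HKU\S-1-5-21-1-2-3-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svc",
                  r"C:\Users\user\AppData\Roaming\svc.exe"),
    # Benign: unrelated key under HKLM\SOFTWARE, must not fire.
    RegistryEvent(r"C:\Windows\System32\msiexec.exe",
                  r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\App\DisplayName",
                  "Some Application"),
    # Protection being re-enabled (value set back to 0), must not fire.
    RegistryEvent(r"C:\Program Files\Windows Defender\MsMpEng.exe",
                  POLICY_KEY + r"\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
]

if __name__ == "__main__":
    for rule, image, target in triage(SAMPLE_EVENTS):
        print(f"{rule:22} {image} -> {target}")
```

The rules are deliberately narrow: they key on the exact Defender policy paths and on writes landing directly under Run/RunOnce, which keeps them cheap to run over a full Sysmon log. In production you would also want the process tree (the writer here is a user-writable Temp/Roaming executable, which is itself a strong signal) and a check for the matching Defender event log entries.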
