General

  • Target

    b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a

  • Size

    1.0MB

  • Sample

    241104-qr5erazgja

  • MD5

    adb060fa1374a212355529ef044e2484

  • SHA1

    53694464de0e1a748440b50005b401240e62acb8

  • SHA256

    b896c1fa2f1af00e61f4eaba3d23f3a2add81b6b5315f14089d314ca927b612a

  • SHA512

    a3859a79288d6e5087c1917f5c304f6610f1717b9fc7bc8fa5de7e85def752ccdd56d2032559cb0d1b72e245c74ac1a8cc1f75873fff15941f38495db308d9b0

  • SSDEEP

    24576:xyhOi27ILV3Q54lDpoQZYvPWAsWWCXrsgmBdhNkYt7ON:khfP3Q5+7amPYXggWO

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks