General

  • Target

    38961f049bcca92ccfc2f2a6050d015e343c923239db46c808cf3a4c84fa5179

  • Size

    560KB

  • Sample

    241104-qs3bsa1bpm

  • MD5

    1f455cb48ec9e8c7243242aeb2bc95a8

  • SHA1

    3219ae347bbf7389294d7ccb755dae6c70f12b63

  • SHA256

    38961f049bcca92ccfc2f2a6050d015e343c923239db46c808cf3a4c84fa5179

  • SHA512

    8c4171d11ce895bb274464c840ea34ac611bc4429db4d93153b6f14e4b79ddf4d7afcc490700d85bd4acf530e4b1a9fc8b99bd6e467abc9826bcd491430bd1ac

  • SSDEEP

    12288:4y90Wtag24/UkG7oqKez3NphVIDFTl1BcudVJ2oZbjY:4yRag2OvG7o0rlMrKW9Y

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks