General

  • Target

    adf95b85545e42b5cd1404afe053cf7b41967eed03d147c9121aa12eb85b5c49

  • Size

    564KB

  • Sample

    241104-qsalrssqhn

  • MD5

    97f2370ec6e80723851ac6f750dd8dd3

  • SHA1

    fbd8210d6c12a082a86f30578da00c75ed5b9fe7

  • SHA256

    adf95b85545e42b5cd1404afe053cf7b41967eed03d147c9121aa12eb85b5c49

  • SHA512

    8b5ddafadf35c49d9e5c8242e22c82efe7f3f19bf5ac2f451082fbda19d30f15f689bad4aaa4c3d64045b7c009f3c8144944205780a86c2487500ad4822877e7

  • SSDEEP

    12288:hy90TKAoIrNDIZxaw4I2sqIkOzQ0EthnMSLcCiO7CwR2S7/:hyqhoqjsS23EtFBLcCt2wR2S7/

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks