General

  • Target

    766c25a23ed3e7527bc8c69526af4c55b9125538b20c6c6e034333c7fc505c13

  • Size

    376KB

  • Sample

    241104-qssgkszkft

  • MD5

    1f8be4219e07c30eb93f9c40a785d33a

  • SHA1

    e14199dcbbbd746ec3b4a1bb57157ca392e47a1b

  • SHA256

    766c25a23ed3e7527bc8c69526af4c55b9125538b20c6c6e034333c7fc505c13

  • SHA512

    687e85b06258540a925c14210e92f9d090b1d20cfef7616a1c3efd2cf4eae3a2cbe87d5beca8ef94e5d65ab0fa9482628dda25e7281d252b78df4db5bf55ca08

  • SSDEEP

    6144:Kfy+bnr+lp0yN90QEqjAnObhx5eUJkLvD5NESb6Y09e5MJRkyMv4Tn:xMrly90uAnox3kL75SSbx0k5MJRkF4b

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks