General

  • Target

    47299c62ed5cce2f562817d29ab22e1850a2a24c433be17b5229efdc2c501fc2

  • Size

    706KB

  • Sample

    241104-qsx23asram

  • MD5

    f8071c1c97e3b70a869a0e83d1445a56

  • SHA1

    d11f9f3450730e823cb78f1a8879ea80f97acf73

  • SHA256

    47299c62ed5cce2f562817d29ab22e1850a2a24c433be17b5229efdc2c501fc2

  • SHA512

    9c3235892153fb3031979ecd318d7c43691c107b66638b28b8e93651d581726f17e531bab84f2bbfafa23d185f91c95f25f3766a814e5d19b502c8891458f84f

  • SSDEEP

    12288:xy90ajqQtgvXhp1QT7jUAn+9vwWX+Uc3j6rTKotdrOJY8c0SPZ+O1FKM7u:xyhm90hec3fCrOTc5PFY

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks