General

  • Target

    a845129a2bc1f81adf1408e7122c216a6966d6f486d069d0fa8d8d98fcca97a2

  • Size

    1000KB

  • Sample

    241104-qv56fs1brl

  • MD5

    a68dd4c1e87b106acb490aab38955c5e

  • SHA1

    1ddc611c08f32ecb3a00bce967a8f4265f896698

  • SHA256

    a845129a2bc1f81adf1408e7122c216a6966d6f486d069d0fa8d8d98fcca97a2

  • SHA512

    0db784dc1ef562bcd81cb2f3cfd6203b18119e24d1062f8bc23efc54ab09292adc29daa5a01e02c3e04669f940a9354b6d4dceace6e8a0ca0987e697ad036fd2

  • SSDEEP

    24576:ITLrvnFOPYjIA0NCw+J3Hl+yV5vCoyvIc5zlYWSSpb:ervFqYjbfJV+QvCoyZzt9p

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks