General

  • Target

    908cacdf9847471c19e02468bf6f9de5db7690dbc8f180244f1eb3dacb66dfae

  • Size

    965KB

  • Sample

    241104-qva1basrcl

  • MD5

    82434c52cb9347b02a811be716aa87ce

  • SHA1

    d33b78fee5b199dcdb55d10627bee1071877ff06

  • SHA256

    908cacdf9847471c19e02468bf6f9de5db7690dbc8f180244f1eb3dacb66dfae

  • SHA512

    b6a2327b6911f434280a2a1c25a7193b08cda2d26024a020c9c7cc67ecdaad0a21998521e749d6143de0b614e8df5fb516a2c4514bb6247a1e63c7f78687063d

  • SSDEEP

    24576:Ty0W1K8OVMGhq9eEegpdPY5IY+mHuC4LePNbx:m91kVRapdw5IY+VC4Le

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks