General

  • Target

    765d6b740e69769c384b555b8ef377214ca071bec4f85b8398096a7739d04a4a

  • Size

    563KB

  • Sample

    241104-qvn7yazglc

  • MD5

    f55b7a18bca7d1790ef62ac229ba7fca

  • SHA1

    b027f7df64825c6bf236eb6fc8685f675e673980

  • SHA256

    765d6b740e69769c384b555b8ef377214ca071bec4f85b8398096a7739d04a4a

  • SHA512

    0a15b5b5d178cdfbaba9b62ff2a357c37348286898f48a963af2a81529ec8e9befd4e6646a4c143aa235230c22d227f07ac01ee7323553b3af118957bcbad87f

  • SSDEEP

    12288:Uy90D0htWr9rPpQMD2CGUGREf3pWsV0rjea2kteMk:UySFiMDHGNREfZWZCRkDk

Malware Config

Targets

    • Target

      765d6b740e69769c384b555b8ef377214ca071bec4f85b8398096a7739d04a4a

    • Size

      563KB

    • MD5

      f55b7a18bca7d1790ef62ac229ba7fca

    • SHA1

      b027f7df64825c6bf236eb6fc8685f675e673980

    • SHA256

      765d6b740e69769c384b555b8ef377214ca071bec4f85b8398096a7739d04a4a

    • SHA512

      0a15b5b5d178cdfbaba9b62ff2a357c37348286898f48a963af2a81529ec8e9befd4e6646a4c143aa235230c22d227f07ac01ee7323553b3af118957bcbad87f

    • SSDEEP

      12288:Uy90D0htWr9rPpQMD2CGUGREf3pWsV0rjea2kteMk:UySFiMDHGNREfZWZCRkDk

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks