General

  • Target

    7838df9015a1fb254f8ebb76d50a0311f48cef47c1790fc33330d7034cb41e1b

  • Size

    479KB

  • Sample

    241104-qwd4cs1brq

  • MD5

    9d45003bbd9cd2f80671082546ed872e

  • SHA1

    64e6057f4ca9c2cf00fb83254aa523a2061adf43

  • SHA256

    7838df9015a1fb254f8ebb76d50a0311f48cef47c1790fc33330d7034cb41e1b

  • SHA512

    6c59091cde77a57156a3d4ff9920e9fc9cfaa0188cbb549b7dfa14e5788577f0f305c214ec7d9d8089e1fa15f1c03fd19e58fc082f9e8385bab693ca32734381

  • SSDEEP

    12288:SMrxy90pYX2iHi5TxdLQ7ep9nX1XcBEMPPxtJGHu:DykEi5TjMmlXc9qu

Malware Config

Targets

    • Target

      7838df9015a1fb254f8ebb76d50a0311f48cef47c1790fc33330d7034cb41e1b

    • Size

      479KB

    • MD5

      9d45003bbd9cd2f80671082546ed872e

    • SHA1

      64e6057f4ca9c2cf00fb83254aa523a2061adf43

    • SHA256

      7838df9015a1fb254f8ebb76d50a0311f48cef47c1790fc33330d7034cb41e1b

    • SHA512

      6c59091cde77a57156a3d4ff9920e9fc9cfaa0188cbb549b7dfa14e5788577f0f305c214ec7d9d8089e1fa15f1c03fd19e58fc082f9e8385bab693ca32734381

    • SSDEEP

      12288:SMrxy90pYX2iHi5TxdLQ7ep9nX1XcBEMPPxtJGHu:DykEi5TjMmlXc9qu

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks