General

  • Target

    47ae8692d32e264d867e99589178db87c1ae5f652fde660641f0d351ef9b4de7

  • Size

    1.2MB

  • Sample

    241104-qwfl7asrdl

  • MD5

    51ddb16442c8ab5782c61f0d7dfb8975

  • SHA1

    90daf9e6b04342ac9bd45edb164af5e1a2693852

  • SHA256

    47ae8692d32e264d867e99589178db87c1ae5f652fde660641f0d351ef9b4de7

  • SHA512

    a3362287844e0b965903195ffe689271b8de22ddce02893e9a8c5a7ecb5118326010d62cd4dceef8793c4ad7e6c19e7e1160b4b1aa70c56f16525623fec2d658

  • SSDEEP

    24576:Gc9RstFRHwzmMZlFXCTYaOo2QduHmp8tagFhXskm:GcQrSmdcpOdp/gX

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks