General

  • Target

    879cddefdd04de096aa19c799ce82144db7b792c97e1a2ab81bfc0d8823681b3

  • Size

    747KB

  • Sample

    241104-qwm19szlbz

  • MD5

    c74892d6263d802b9f25628c1713f130

  • SHA1

    c2b590f8afd24d8c42edd2097a31c87116e60b98

  • SHA256

    879cddefdd04de096aa19c799ce82144db7b792c97e1a2ab81bfc0d8823681b3

  • SHA512

    e497b66d3145d1c08f89ec6574d92a70a30c5f6301170c1552f705cffc553ce872b551a4b41ee71477cff467327c773293e3de7b08d0fa7f8828d47153d214d1

  • SSDEEP

    12288:PAy90f8WPqKYg1wjdv2sk/wrFK/xPMjhEX0uyORi+W8aDs7w1vAf8C:PAym807lsk/mFKJPMY/YQ7wvVC

Malware Config

Targets

    • Target

      879cddefdd04de096aa19c799ce82144db7b792c97e1a2ab81bfc0d8823681b3


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks