General

  • Target

    b83c9355cd8899c270c7dd4dc0c4b05032ce6f9ab28ff2e23d509a18f224bf6f

  • Size

    828KB

  • Sample

    241104-qww9yazlct

  • MD5

    8188be46f838f8f67a6a01e822a73cba

  • SHA1

    55152ef03bdf05675aa75a1930138dcde63f015d

  • SHA256

    b83c9355cd8899c270c7dd4dc0c4b05032ce6f9ab28ff2e23d509a18f224bf6f

  • SHA512

    a02cc4150823edc78b3d3246fba7c9e554cc65d1ceda136d01f3bde29ce03b29f66ea6eb0a9a094a8c2a8fa9fb49dba8183f2642901deb65068a5df30eb5177d

  • SSDEEP

    12288:/y90gaoacoBvaAOPeCGAbeTAKXsQHOxK51bEwS9K3kGC6z+JzhjiqvP/wcW5:/y/aoacg3CtCV0xuKUpCgc17Zu

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks