General

  • Target

    1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867

  • Size

    479KB

  • Sample

    241104-re5qes1blh

  • MD5

    ddb9477f7027e26b647e157525946306

  • SHA1

    52297ffb2bff644da713a6a0d401b36d097cd8c8

  • SHA256

    1535120b5bc9895916425be435dcaaa09a560c59e8d2eb827e15051ac8eb1867

  • SHA512

    7137290b7c86e673a4543104a2509335e6d6b8f6c937af0f67a75cb25087c2922d20d3b471ec9b0b20f201132e9941a0581c0e79ad686f704c5eea5a1a48a44c

  • SSDEEP

    6144:K+y+bnr+Xp0yN90QE3FKlUiik+LeWEv5XiFMBygrYiX6CueFTVkQO81OHeWDfk93:eMrzy90XKlCk+9vmBXNTVkxAOG9Ak3

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks