General

  • Target

    94e484f1c1bd18665a8fa0dd2e5548e8e9a77f92e40fc26706ea94fe723cab8c

  • Size

    695KB

  • Sample

    241104-zqtfjaxbqc

  • MD5

    85ab66819a629da618c967ce2f33dd2d

  • SHA1

    b0542b3a0ff0072cb7c74dae06d5582eb5a8ba87

  • SHA256

    94e484f1c1bd18665a8fa0dd2e5548e8e9a77f92e40fc26706ea94fe723cab8c

  • SHA512

    855c1632e120e3925dc79438ad93d493559c43928d27ec2c86cd8144f9fed835247e3d4c4c7c4dc66a378800c211b2a11063757f80865f6e3937ff6e0dd90f04

  • SSDEEP

    12288:vy90Vzt4LpYEU/8r/+tZ9COyJA+f7Zl4mWv6Ut18bAKvA+6OoxPX0N:vyOiB5r/+tXCXEv6Ut18bAkMxPXo

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
