General

  • Target

    85815574a947db48abab8e9a97d1d7b0846d1e0970bbb649966069d32ad2e7b0

  • Size

    966KB

  • Sample

    241109-ecqr9sxbjk

  • MD5

    c7ad3c8e9c80c92634bb4f070b2369bb

  • SHA1

    d0ba9fba8c322ee8db823735ef6676265efd7299

  • SHA256

    85815574a947db48abab8e9a97d1d7b0846d1e0970bbb649966069d32ad2e7b0

  • SHA512

    648f91f81df095f3ee4efc262dd28190df1e132626cf474d66c6f221dbac99eef5238cd80335db3a1657a6a8b420918c610f810e4ab910b55ebea6b46b22fe51

  • SSDEEP

    24576:EyiYVQcDzEerAoLuO1oxC4FOcTGK0UvDq:TNVQcDAaTroxC4FOcT

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks