General

  • Target

    a625698ba0ea32bb52436cadb7c912c96f12facc903c8534cdd1a2b6d4cf64ff

  • Size

    690KB

  • Sample

    241109-egqcasxbpr

  • MD5

    823948042a4efceea0eab24a2715ab82

  • SHA1

    86949d022abf6076dbd36c30ae4fbb46af882ba7

  • SHA256

    a625698ba0ea32bb52436cadb7c912c96f12facc903c8534cdd1a2b6d4cf64ff

  • SHA512

    ff95c1b82668361a99800a95f4bab172dc82418e87c9daa67b654d6daf47f6ab72055a40cf618aebcaa02ceaeed1fa5e1182acf09382a6644b5215c363786f14

  • SSDEEP

    12288:Jy90AfOSe7ZQYtMBQObHczVbyZmBJ/O872uGDBgCVX3wGv41:JyQSTBbc0Y2uGtgCVwGv41

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks