General

  • Target

    a5ce6d23a7e4aaefd732f70721f53ae3e968150742ca9b1d4a3c076296548a95

  • Size

    569KB

  • Sample

    241109-eqrxgsxdld

  • MD5

    18cd97430bd4030b058147033734c2e2

  • SHA1

    1480b2c33a3ae89957daf7fd5211fa969c4a4392

  • SHA256

    a5ce6d23a7e4aaefd732f70721f53ae3e968150742ca9b1d4a3c076296548a95

  • SHA512

    5661fe8ed7cfa622e4f2589b1925ffe2a822401d3742c68256a48b66f820374bf3fa62c138eda0dc44a640d49ed7cac87918be7d3b4101e7934b16648f586bac

  • SSDEEP

    12288:Sy90QApFigaNx9c0xE9J6OQMlk6/vV83M/q0:SykFi3EPRRq0

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks