General

  • Target

    758e36f0b6920f57a3b0b43b6f3a6f217895a19e43b42e440135857aa759fb9e

  • Size

    479KB

  • Sample

    241109-fqbe6sybke

  • MD5

    92f35a184864d794c21f6563cf89c024

  • SHA1

    1657a6ede4e9bd80c79da934ae924d55e646dd5b

  • SHA256

    758e36f0b6920f57a3b0b43b6f3a6f217895a19e43b42e440135857aa759fb9e

  • SHA512

    e6c4fbb3e03edaacf8f0838e87b301bcca6aa0f7451ac367e047d33332d12e44d1c2e37c76ed3920034dd4e73741c870b406a51512f6c26282612c4b0a431743

  • SSDEEP

    12288:XMr9y900FrS6lQd+TeeQbmyzb+dZQzBzKOqfIqh1Ii8E1:CybFrS6lQdb1zadZQzcOqfznIi86

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks