General

  • Target

    8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de

  • Size

    919KB

  • Sample

    241109-fqvh2syblg

  • MD5

    aa9ee0550f42f4a7875efa4ff33dc7b7

  • SHA1

    f1d39b41ec9c5b4aba312340eb9715dbfd7135be

  • SHA256

    8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de

  • SHA512

    1b9488bbb95f38c0a3cc5a26468f43e74e066447b6f9dea9ba53ea4fa301a21203e6a8f60186ffb3bebaacea1b8dd58ded839b66ae1e5cca67eb280b4c856e3e

  • SSDEEP

    24576:aymK41zZDbDUMw5CkKApOcu1CD7yraWvN9Ag/vgS:hmK4BZm5pMwGGWVyav

Malware Config

Targets

    • Target

      8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de

    • Size

      919KB

    • MD5

      aa9ee0550f42f4a7875efa4ff33dc7b7

    • SHA1

      f1d39b41ec9c5b4aba312340eb9715dbfd7135be

    • SHA256

      8ddfdda1be4f4c4edccd33ddf9dfd7356d69a7da680f3254480ccc1a513621de

    • SHA512

      1b9488bbb95f38c0a3cc5a26468f43e74e066447b6f9dea9ba53ea4fa301a21203e6a8f60186ffb3bebaacea1b8dd58ded839b66ae1e5cca67eb280b4c856e3e

    • SSDEEP

      24576:aymK41zZDbDUMw5CkKApOcu1CD7yraWvN9Ag/vgS:hmK4BZm5pMwGGWVyav

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks