General

  • Target

    88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f

  • Size

    560KB

  • Sample

    241109-fscq1sybnb

  • MD5

    ec454fadbe376114b0a53509ee0d951f

  • SHA1

    f92d3a69d1070700fa40eb06d8e5e860ee88d8cc

  • SHA256

    88be0d3f31d57124a331e08e91c99f9528dc26a98fe730523e4f8ad74525f48f

  • SHA512

    a0a01b84598b269f8ba8a83547603d5941cbfb8432f59d47e899adf59bd09d8cd76cd5ba5fa7ab4a37d54e4fa52752378175297534ca48f75386fb743249a4ae

  • SSDEEP

    12288:Zy90KNNCDVvW/pap+RzDDtcn5edyLEskO:ZyDr6VO/pap/xbkO

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application