General

  • Target

    ba1c229880e34f853aac41c65f740a273dc9ba7dc30dd50d123c102264f290f4

  • Size

    691KB

  • Sample

    241109-fzq7zsycqr

  • MD5

    b6b4f9f09b68f0df7e7d31c106c32969

  • SHA1

    9b5c24d3212f06662b88ea896831983617627ac8

  • SHA256

    ba1c229880e34f853aac41c65f740a273dc9ba7dc30dd50d123c102264f290f4

  • SHA512

    37be77362613a63841970d21b2d9a289a7ba48feb290da22e37103d1c927404c43ecd7cbd502a665cbb9dc9667d8d45dbf3e380e88d7d4cf84824825d9084ef1

  • SSDEEP

    12288:+y90PlkEOx0VMjxvS5KD8mYoxfJ3+hMyxX100Cl2BmQZpB34eAk:+yilc6VSAkD8md+x7E2BdZE3k

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks