General

  • Target

    432d7cbf11d89a37ba95b50360d24e58e2ab1f48332556ba86503e2701f1ba32

  • Size

    935KB

  • Sample

    241109-xn1qqasqdm

  • MD5

    5d02e6a16e0697669ffd2a728f737dc5

  • SHA1

    0dccfce52822ddfbcf36a75f4713a8f58b46c61c

  • SHA256

    432d7cbf11d89a37ba95b50360d24e58e2ab1f48332556ba86503e2701f1ba32

  • SHA512

    5b08581afb03fc4ffc3a129d71c0830a9e12a9b45effd898b7a1aed28467080632a24ee02d46e618e3387fb218809ebff904c084f8f5c7a7bbc7689944be593b

  • SSDEEP

    24576:4y9ssVIDVzxZNRNwIO/amMzMzAfv9ajGOcGZoWYQA:/ismVrPNhlzM0u

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks