General

  • Target

    193eb7bddbff4f5a784794238c51619fef1c038087be825b71ae0356c53b57ec

  • Size

    703KB

  • Sample

    241109-xtqspszgjd

  • MD5

    e7b82e5c0ed2b96c0457bb40ad8cd5bc

  • SHA1

    c90d7488d3503a87888e2b0ab8e580fd35835cb7

  • SHA256

    193eb7bddbff4f5a784794238c51619fef1c038087be825b71ae0356c53b57ec

  • SHA512

    c63762fe27132c3edbfa4c8c7f89f55c54190e94c3c804c931c708df1ff256c4b1bb4deb40d1c2ef42e95d7af39d97c757d0b3e81a156ffc69d23fa14cda793b

  • SSDEEP

    12288:ay90N2vdyYRJ5rhW7H6PRkM+dQIjFwYpP26JdDCl9AGoz4a:ayIKyYRJ5r2H6PV+dJ5zg6Je9A34a

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks