General

  • Target

    cd93b0a069159693d0cdcf9845cf51bdc2ed834160ab1c3efa3440411360fcf1

  • Size

    566KB

  • Sample

    241110-a7qcrswbpm

  • MD5

    cbf75c9f6228cf5df789a2dacc7fc41a

  • SHA1

    139ec880edcbb2088a8c09cff37ddb8234c492e9

  • SHA256

    cd93b0a069159693d0cdcf9845cf51bdc2ed834160ab1c3efa3440411360fcf1

  • SHA512

    7f25b7c11d963b36be402797220ffb3e1d2947fb0e2af94d7f013a3bbb32dd28286b4f66e47c175380f0a3d0df8b08f43e4c93894cd3ecf800c5cdce1b47494f

  • SSDEEP

    12288:7y90O3azdaeX+SEDUUdd73kos/PwlOo7/wEcurs:7y/VeX+SQVdZzsSOUwE/rs

Malware Config

Targets

    • Target

      cd93b0a069159693d0cdcf9845cf51bdc2ed834160ab1c3efa3440411360fcf1

    • Size

      566KB

    • MD5

      cbf75c9f6228cf5df789a2dacc7fc41a

    • SHA1

      139ec880edcbb2088a8c09cff37ddb8234c492e9

    • SHA256

      cd93b0a069159693d0cdcf9845cf51bdc2ed834160ab1c3efa3440411360fcf1

    • SHA512

      7f25b7c11d963b36be402797220ffb3e1d2947fb0e2af94d7f013a3bbb32dd28286b4f66e47c175380f0a3d0df8b08f43e4c93894cd3ecf800c5cdce1b47494f

    • SSDEEP

      12288:7y90O3azdaeX+SEDUUdd73kos/PwlOo7/wEcurs:7y/VeX+SQVdZzsSOUwE/rs

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
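The three behavioural signatures above (Defender real-time protection tampering, a Run key for persistence, and execution of a dropped EXE) can be reproduced from an endpoint telemetry stream. The following is an added example, not the sandbox's own signature logic: it assumes Sysmon-style events (ID 11 FileCreate, ID 13 RegistryEvent SetValue, ID 1 ProcessCreate) flattened into dicts, and the event records it runs over are constructed for illustration rather than taken from this sample's trace.

```python
"""Flag the behaviours named in the report from a Sysmon-style event stream.

Assumed event shape (constructed, not from the real trace):
  EventID 11: ProcessId, Image, TargetFilename
  EventID 13: ProcessId, TargetObject, Details
  EventID 1 : ProcessId, ParentProcessId, Image
"""
import re

# Registry values under the Defender Real-Time Protection policy key whose
# non-zero setting switches off a real-time component.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
DEFENDER_KEY_RE = re.compile(r"\\windows defender\\real-time protection\\", re.I)
# HKCU/HKU and HKLM Run / RunOnce keys, including the WOW6432Node variant.
RUN_KEY_RE = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?\\",
    re.I,
)


def _is_nonzero(details):
    """Sysmon renders DWORDs as 'DWORD (0x00000001)'; also accept plain ints."""
    m = re.search(r"0x([0-9a-f]+)", str(details), re.I)
    if m:
        return int(m.group(1), 16) != 0
    return str(details).strip() not in ("", "0")


def triage(events):
    """Return the sorted list of behaviour labels observed in the stream."""
    findings = set()
    dropped = {}  # lower-cased path of every .exe written during the trace -> writer pid
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and ev["TargetFilename"].lower().endswith(".exe"):
            dropped[ev["TargetFilename"].lower()] = ev["ProcessId"]
        elif eid == 13:
            target = ev["TargetObject"]
            value_name = target.rsplit("\\", 1)[-1].lower()
            if (DEFENDER_KEY_RE.search(target)
                    and value_name in DEFENDER_RTP_VALUES
                    and _is_nonzero(ev["Details"])):
                findings.add("Modifies Windows Defender Real-time Protection settings")
            elif RUN_KEY_RE.search(target):
                findings.add("Adds Run key to start application")
        elif eid == 1:
            # An executable written earlier in the trace is now being started.
            if ev["Image"].lower() in dropped:
                findings.add("Executes dropped EXE")
    return sorted(findings)


# Constructed events mimicking the reported behaviour chain: a sample drops a
# second EXE, disables Defender real-time monitoring, registers the dropped
# file under HKU\...\Run and then launches it.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 4120,
     "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\abc123.exe"},
    {"EventID": 13, "ProcessId": 4120,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "ProcessId": 4120,
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\abc123.exe"},
    {"EventID": 1, "ProcessId": 5208, "ParentProcessId": 4120,
     "Image": r"C:\Users\user\AppData\Local\Temp\abc123.exe"},
]

if __name__ == "__main__":
    for label in triage(SAMPLE_EVENTS):
        print(label)
```

A write of `DisableRealtimeMonitoring` with value 0 (re-enabling protection) is deliberately not flagged, which is why the value is parsed rather than matched on key name alone. On a live host the same records would come from the Sysmon operational log (for example exported to EVTX and parsed with a library such as python-evtx) rather than the inline list used here.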

MITRE ATT&CK Enterprise v15

Tasks