General

  • Target

    8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8

  • Size

    552KB

  • Sample

    241110-aqn4davkcy

  • MD5

    cf868858c43e3399005f8e8d4078de10

  • SHA1

    3c4c946508001d109c1be96f7211312237ac943b

  • SHA256

    8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8

  • SHA512

    94adae07fc9fd2e6ec6916e583b9071077d7e6209a290b8fea558a81f4782fcd144547fcc5139a7d15881d78ba68f47ff6a69484c957a626d8d586bf086fe044

  • SSDEEP

    12288:Ly90S1uv4Fv+ABW+5IsX7RPiVQZ2GHWLsQqdrnJY8c05aZQdoO:Ly0v++i5X7RPiVQvOsnrnTcCNoO

Targets

    • Target

      8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8

    • Size

      552KB

    • MD5

      cf868858c43e3399005f8e8d4078de10

    • SHA1

      3c4c946508001d109c1be96f7211312237ac943b

    • SHA256

      8d6e6c0ad9cd204d11338cd9bc6bd446593f65101b9dae797d970b578c0b4cd8

    • SHA512

      94adae07fc9fd2e6ec6916e583b9071077d7e6209a290b8fea558a81f4782fcd144547fcc5139a7d15881d78ba68f47ff6a69484c957a626d8d586bf086fe044

    • SSDEEP

      12288:Ly90S1uv4Fv+ABW+5IsX7RPiVQZ2GHWLsQqdrnJY8c05aZQdoO:Ly0v++i5X7RPiVQvOsnrnTcCNoO

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15