General

  • Target

    41737d8442825db93617929e69fedde7fcf0548e8c1ae5b3fb436e49c36353b3

  • Size

    747KB

  • Sample

    241110-bpqfgsyqfr

  • MD5

    a91f6c58040a0ea4fc0d1e3d77b88105

  • SHA1

    4362087673be7984269841d3fb3a461548d6d34f

  • SHA256

    41737d8442825db93617929e69fedde7fcf0548e8c1ae5b3fb436e49c36353b3

  • SHA512

    abbf2b881829c973c8b876ad7807b8bd758758fe4340dd9a7d0c461b681cf003429e819a8591a825debbdf6ae5b67a10839bb49fa07bbfdb46ee29a0dc8e56a3

  • SSDEEP

    12288:vy90J2DYSDg1RduJ2IX0q/r8T+fhVlSry9EnLJE8bl4wDR5A9GUwaWD:vycSDgXEpX0sra+fpgTblZ157UV0

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15