General

  • Target

    a43b849966cb941c63ac992208beaf0ba9f2966978444f6f0e05771dd40eade2

  • Size

    612KB

  • Sample

    241110-bqbzgsvrdz

  • MD5

    a866cdbb94191a63aa66604937720f76

  • SHA1

    2fae3394eeb54793f477b70cf32c764f725624d7

  • SHA256

    a43b849966cb941c63ac992208beaf0ba9f2966978444f6f0e05771dd40eade2

  • SHA512

    88760f8822333c3feb14a3cbabe395f3587e8fb602058cad4a030118ccd1d8097c83981c72451f18aaf91388b7c3095f67daecbce1b2d5b5948f9827d848cdf7

  • SSDEEP

    6144:yYp0yN90QE98Mfm/0zfjenKqDTmMIp4hwXaUe+Ulk6w0lBQIaG+GTf0i9TK+ER+U:Yy90PmO0KqDHzUkNrGzJmluZHcExank

Malware Config

Targets

    • Target

      a43b849966cb941c63ac992208beaf0ba9f2966978444f6f0e05771dd40eade2

    • Size

      612KB

    • MD5

      a866cdbb94191a63aa66604937720f76

    • SHA1

      2fae3394eeb54793f477b70cf32c764f725624d7

    • SHA256

      a43b849966cb941c63ac992208beaf0ba9f2966978444f6f0e05771dd40eade2

    • SHA512

      88760f8822333c3feb14a3cbabe395f3587e8fb602058cad4a030118ccd1d8097c83981c72451f18aaf91388b7c3095f67daecbce1b2d5b5948f9827d848cdf7

    • SSDEEP

      6144:yYp0yN90QE98Mfm/0zfjenKqDTmMIp4hwXaUe+Ulk6w0lBQIaG+GTf0i9TK+ER+U:Yy90PmO0KqDHzUkNrGzJmluZHcExank

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
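    The behaviours tagged above, turning off Windows Defender real-time protection and adding a Run key for persistence, are the two registry changes a responder would want to confirm on a host. The Python below is an added example and not part of this sandbox report or of any tool the report comes from: it classifies Sysmon Event ID 13 (RegistryEvent, value set) records into those two findings. The event lines are constructed for illustration, the `|`-separated `key=value` layout and the image/value-data paths are assumptions, and the registry key paths are the documented Defender real-time protection policy locations and the standard Run/RunOnce keys, not paths taken from this sample, which the report does not list.

```python
"""Added example, not from the report: flag Defender real-time protection
being disabled and Run-key persistence in Sysmon Event ID 13 records.

Event lines are constructed; the field layout (key=value joined by '|')
is an assumption for the sake of a self-contained parser.
"""
import re

# Defender real-time protection values that disable protection when set to 1
# (documented policy values under ...\Windows Defender\Real-Time Protection).
DEFENDER_RTP_DISABLE_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Matches both the Group Policy path (HKLM\SOFTWARE\Policies\Microsoft\...)
# and the product path (HKLM\SOFTWARE\Microsoft\...).
DEFENDER_RTP_KEY_RE = re.compile(
    r"\\(?:Policies\\Microsoft|Microsoft)\\Windows Defender\\Real-Time Protection\\([^\\]+)$",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\([^\\]+)$",
    re.IGNORECASE,
)

# Constructed sample events (assumed layout). Image and value-data paths are
# hypothetical; the last three lines are benign controls.
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\dropped.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\dropped.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\dropped.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\user\AppData\Roaming\updater.exe",
    # Re-enabling protection (value 0) is not a finding.
    r"EventID=13|Image=C:\Program Files\Windows Defender\MsMpEng.exe|TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000000)",
    # Key creation (Event ID 12), not a value set: ignored.
    r"EventID=12|Image=C:\Windows\explorer.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    # Unrelated value write.
    r"EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKCU\Software\Example\Setting|Details=DWORD (0x00000001)",
]


def parse_event(line):
    """Split 'k=v|k=v' into a dict; the first '=' separates key from value
    so value data such as paths may contain '=' safely."""
    fields = {}
    for part in line.split("|"):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def dword_value(details):
    """Extract the integer from Sysmon's 'DWORD (0x0000000N)' rendering."""
    m = re.search(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details)
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return a finding tuple or None for one parsed event."""
    if event.get("EventID") != "13":
        return None
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    m = DEFENDER_RTP_KEY_RE.search(target)
    if m and m.group(1).lower() in DEFENDER_RTP_DISABLE_VALUES and dword_value(details) == 1:
        return ("defender_rtp_disabled", m.group(1), event.get("Image"))
    m = RUN_KEY_RE.search(target)
    if m:
        return ("run_key_added", m.group(2), details)
    return None


def scan(lines):
    """Classify every event line and return the list of findings."""
    findings = []
    for line in lines:
        finding = classify(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for kind, name, detail in scan(SAMPLE_EVENTS):
        print(f"{kind:24} {name:28} {detail}")
```

    The value check matters: Defender writes the same value names when protection is switched back on, so a rule keyed on the path alone fires on the product's own housekeeping. Matching the Run key by path rather than by value name catches any persistence entry name the dropper chooses.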

MITRE ATT&CK Enterprise v15

Tasks