General

  • Target

    3d930973014bdf5f9d66eb32a1d41924de4d9895a3b0dc422c977f9ac46ae7ca

  • Size

    480KB

  • Sample

    241110-bqjdkavrex

  • MD5

    636ae0d41c2625358d3fcb3d48e00e65

  • SHA1

    529b515c93197aec3da6b1545cb533690c2500ed

  • SHA256

    3d930973014bdf5f9d66eb32a1d41924de4d9895a3b0dc422c977f9ac46ae7ca

  • SHA512

    5b2122944f3861aa981f84b1d973b3dcbbac9ccde37844fb6752aaff1cda20950cc8551f3e5d7e428f68cfdf460c849740c2970b3f62fb0da9979d5061ced03c

  • SSDEEP

    12288:AMrEy90y0H/WK9/xHvMG15ODFuqp7NmAgyzmQKna27b5za:0yv0HJ/xPMGCDzNtiW27lza

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks