General

  • Target

    8c065b0d1c314a0d93996fbc585ef2ae5e30ab3f3f143fd01c16716d95dae9a6

  • Size

    705KB

  • Sample

    241110-bqk76ayqhn

  • MD5

    168d48136025edbe2d53ef7434acbaeb

  • SHA1

    5b6f86d8207e4a9d58ceadeb6497cc3463a6938a

  • SHA256

    8c065b0d1c314a0d93996fbc585ef2ae5e30ab3f3f143fd01c16716d95dae9a6

  • SHA512

    00c10d25fb568e048d1f4c5801572bacd484c2c900717fb6677fe12238d141e36a0b58d8041c33d8d3ce21c22139a149d5fc6ba52071ee3fa44ecf46be5dfb0f

  • SSDEEP

    12288:2y90EjqJX0RxwFCGV51QUr42sqr6a3H+RwXZtRhvZNcRcd1PlmE:2yhjcX0RqoGV5yUr4OFFhnjUE

Malware Config

Targets

    • Target

      8c065b0d1c314a0d93996fbc585ef2ae5e30ab3f3f143fd01c16716d95dae9a6

    • Size

      705KB

    • MD5

      168d48136025edbe2d53ef7434acbaeb

    • SHA1

      5b6f86d8207e4a9d58ceadeb6497cc3463a6938a

    • SHA256

      8c065b0d1c314a0d93996fbc585ef2ae5e30ab3f3f143fd01c16716d95dae9a6

    • SHA512

      00c10d25fb568e048d1f4c5801572bacd484c2c900717fb6677fe12238d141e36a0b58d8041c33d8d3ce21c22139a149d5fc6ba52071ee3fa44ecf46be5dfb0f

    • SSDEEP

      12288:2y90EjqJX0RxwFCGV51QUr42sqr6a3H+RwXZtRhvZNcRcd1PlmE:2yhjcX0RqoGV5yUr4OFFhnjUE

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks