General

  • Target

    f70543950a7ca10c6127f11f6e6554a05145c0443f58501e4155d2988bee9cca

  • Size

    612KB

  • Sample

    241110-bvldqawgrb

  • MD5

    45c3c413e070f38030046a7cd1fd34f7

  • SHA1

    f37d180c349f97c6d8bd1817bbedceae35ff5d15

  • SHA256

    f70543950a7ca10c6127f11f6e6554a05145c0443f58501e4155d2988bee9cca

  • SHA512

    986bc001ee6def5c1352ac65f97450e099563fe81322ac59c056702180acac8cfc9bbcbb1ceff2d553776acb60dd12e849708fc76ec8c12c37f079446a9a3154

  • SSDEEP

    12288:Qy906xccvV+/9hZiAjgB4Q3u4Koul8FRDNRzchQUxp0Q:QyHxLvV6fNjgB42uho5xYxuQ

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15