General

  • Target

    183dff585aa43f0fa0af16ef59c2183820cc66ae67991c7f7d09f5d4c8ea19e7

  • Size

    569KB

  • Sample

    241110-ek2jqssler

  • MD5

    628627b65ea2c8b7efad5b8305ca42d2

  • SHA1

    ef9f28c9ebac6396f4873f4eb81968217ddef719

  • SHA256

    183dff585aa43f0fa0af16ef59c2183820cc66ae67991c7f7d09f5d4c8ea19e7

  • SHA512

    69ca3e89eb0e67c90b207fd0dd906e9051d710965c88128127cd43bea8b4459de481ee2baf3eadb7d3704c6f1968da32a24b340d1e3e8a7fbeed6f0b091e6f3a

  • SSDEEP

    12288:Fy90prN2f0AUQYi02kYu4GxJCPRiF40nOmx9Y6:Fy42f0Awi0uuHKPoF40TY6

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks