General

  • Target: db5e0a7d7dda10e8498b04b515ea83beffdd8d8a991347a4295d4e4a18864836

  • Size: 642KB

  • Sample: 241111-c4laratqdq

  • MD5: 2970144e68a0affa649b571c9d555ec8

  • SHA1: 578fe9a657c5103e01c1996a7bb848a2318837ad

  • SHA256: db5e0a7d7dda10e8498b04b515ea83beffdd8d8a991347a4295d4e4a18864836

  • SHA512: 3a7cb96f9a9621bf3f244a41e9b4f18f2b2819b15008849d2ea37fd96591fe36495df3576ff473b61156af486daadd11ccf97596fcfb8908734e2d35dca55575

  • SSDEEP: 12288:/y90D2KUA2tWHhRj9nYlVtB1JiXvlHqWW6jI1qbPK3A+1UQS+VRC:/yC2KhtHfj+b1Evt66jI1qbPorUQJVRC

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks