General

  • Target

    71aa2baeb8696d348af4535cf5e78b7a71078e68ff7521675ad4df01f570f2f3N

  • Size

    618KB

  • Sample

    241111-gq1whathnp

  • MD5

    5dc9d78400ef4706d4912a0d3e83cd30

  • SHA1

    bbd38c1b763004adefdd112deada9b43ae2098de

  • SHA256

    71aa2baeb8696d348af4535cf5e78b7a71078e68ff7521675ad4df01f570f2f3

  • SHA512

    865e9e4329c10e22f6855a41c246a18fd30dea18d3bf84889976259e612e6f81d664840d1190607f835be89dcf6d4d07646f8ec9a4b26037f112caf838c1b70b

  • SSDEEP

    12288:Qy902mtg4JQ9wyvnK2TI28GaBXG3WVaxvH+j0kEI:Qys/J3yvnK2TI6UEWevewkEI

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks