General

  • Target

    153de3efcbc7b2f808fdf41c09746b45baebd6c17f077b5fb8216d96bd2c40a2

  • Size

    376KB

  • Sample

    241111-gq9hmstlc1

  • MD5

    9d455d205f37e412abec0a90b2f1e866

  • SHA1

    d3656e0e73dd2c61182aa06eca3702164fddb717

  • SHA256

    153de3efcbc7b2f808fdf41c09746b45baebd6c17f077b5fb8216d96bd2c40a2

  • SHA512

    5079e7ca95774bb66db2b423718358576a00d26bbf21e848743497359dca2df8e07a13dd6482d158b45c25a5bdeb15dee5f5ff909cce06cbd48d4a48f1589353

  • SSDEEP

    6144:K3y+bnr+Hp0yN90QEmnHgKPRWkfajncQEC/cv/ADWj84NrhTd/1xKh:xMrzy90AHHfQZcnAa84Nf/1xM

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks