General

  • Target

    1d755a6a58a0f96c353797922fd809065fad10c55d0e9036e4e942f1662a1b34N

  • Size

    642KB

  • Sample

    241111-gqbxdathnj

  • MD5

    955356b398feec5d7dab13bd2790fa40

  • SHA1

    efab8b102454e5121329bd9816e338c9f3740911

  • SHA256

    1d755a6a58a0f96c353797922fd809065fad10c55d0e9036e4e942f1662a1b34

  • SHA512

    19161965fad79b31eee2ec614a1cf01cbfae0e4a8ef029cd28d4ba1504eea8d80bd35e75ac27f3e38a2abdd96313125af1d6ac1851fa6ed6f66c9ed9b1155b07

  • SSDEEP

    12288:Uy90DlGK9Ada9x1tn17OrvVy/WW6tq1qbPKyA+rPV05DU:UyClGKadaP17Wvcl6tq1qbPN1N05DU

Malware Config

Targets

    • Target

      1d755a6a58a0f96c353797922fd809065fad10c55d0e9036e4e942f1662a1b34N


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks