General

  • Target

    d2b350d0cf8c4f65b6093d5d19aca8435e63cd50f5cf7b20c100649e911df75f

  • Size

    560KB

  • Sample

    241111-gqde7stlbz

  • MD5

    5fb89d7159e987a3010578a88187323f

  • SHA1

    dc9cd41aa41c3689543c3a045c490b3bd83f6d35

  • SHA256

    d2b350d0cf8c4f65b6093d5d19aca8435e63cd50f5cf7b20c100649e911df75f

  • SHA512

    273397f37576a35d9859faa2a4b0196cba0fce2be376f9d2a9ab81ebce0c73639cd1374342b643b11b3df8accb4164492f4e55450df85c1326d00ee1cbc34861

  • SSDEEP

    12288:oy90Z4FbxQ8qom654mii73ZphBMfFTN1BQudVJdegG6RA3st32:oy84vhDDx0bywjR3t32

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks