General

  • Target

    88d75ae9eb398613a49481931cf06984abc95dda3c90861a0f635971ec988851N.exe

  • Size

    699KB

  • Sample

    241113-n1nggs1eqh

  • MD5

    49fe83e708b3b2ef1e516676814dbe20

  • SHA1

    387ac730e14546248b38f5ce47349208aef81682

  • SHA256

    88d75ae9eb398613a49481931cf06984abc95dda3c90861a0f635971ec988851

  • SHA512

    332d86e0bd5aa51f652305d8ed8d7bb8c78f214188315711dd57311b0881b9df52fee9e73c6d559cc1e07466d4861f2cc19605067cee805aba405b4aef16a87e

  • SSDEEP

    12288:Oy90fD2QdNaChzFo7WJ9v50fvpuHCvqFHX/GXZc2MyRbOnu1E9Vr9:OyNQWukg9hYp5qFHe/MyRbOnu1Ex
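Before working with a copy of this sample, confirm it is the file the report describes. The following PowerShell is an added example, not part of the sandbox report: it recomputes the MD5, SHA1, SHA256 and SHA512 listed above with Get-FileHash and compares them case-insensitively (Get-FileHash returns upper-case hex). The sample path is an assumption; SSDEEP is not recomputed because Get-FileHash has no ssdeep algorithm.

```powershell
# Added example (not part of the sandbox report): verify a local copy of the
# sample against the hashes the report lists before doing any analysis on it.
# Assumption: the sample lives at $SamplePath; adjust to your own location.

$SamplePath = 'C:\samples\88d75ae9eb398613a49481931cf06984abc95dda3c90861a0f635971ec988851N.exe'

# Hashes copied from the report's General section.
$Expected = @{
    MD5    = '49fe83e708b3b2ef1e516676814dbe20'
    SHA1   = '387ac730e14546248b38f5ce47349208aef81682'
    SHA256 = '88d75ae9eb398613a49481931cf06984abc95dda3c90861a0f635971ec988851'
    SHA512 = '332d86e0bd5aa51f652305d8ed8d7bb8c78f214188315711dd57311b0881b9df52fee9e73c6d559cc1e07466d4861f2cc19605067cee805aba405b4aef16a87e'
}

function Confirm-SampleHashes {
    param(
        [Parameter(Mandatory)] [string]    $Path,
        [Parameter(Mandatory)] [hashtable] $ExpectedHashes
    )
    # One object per algorithm; Get-FileHash emits upper-case hex, so the
    # comparison is case-insensitive (-ieq) rather than string-for-string.
    foreach ($alg in $ExpectedHashes.Keys) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
        [pscustomobject]@{
            Algorithm = $alg
            Match     = ($actual -ieq $ExpectedHashes[$alg])
            Actual    = $actual.ToLowerInvariant()
        }
    }
}

$results = Confirm-SampleHashes -Path $SamplePath -ExpectedHashes $Expected
$results | Format-Table -AutoSize

# The size should also line up with the report (699KB).
$sizeKB = [math]::Round((Get-Item -LiteralPath $SamplePath).Length / 1KB)
"Size on disk: ${sizeKB}KB (report: 699KB)"

if ($results.Match -contains $false) {
    Write-Warning 'At least one hash differs: this is not the file the report describes.'
}
```

A single mismatching algorithm is enough to reject the copy; a truncated download or a repacked variant will typically fail every digest, while a file that matches all four but not the size is worth a second look at how it was transferred.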

Targets

    • Target

      88d75ae9eb398613a49481931cf06984abc95dda3c90861a0f635971ec988851N.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
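The two host-side behaviours flagged above, tampering with Windows Defender real-time protection and persistence through a Run key, can be checked directly on a suspect host or on the analysis VM after detonation. The PowerShell below is an added example, not part of the sandbox report: it reads the Real-Time Protection policy values, cross-checks the effective state the Defender service reports, and enumerates every Run-key entry. Which specific registry values this sample changes, and the name of the Run entry it adds, are not stated by the report, so the script lists all the known real-time protection policy values and all Run entries rather than searching for one assumed name. Run it from an elevated prompt.

```powershell
# Added example (not from the sandbox report): audit the two behaviours the
# report flags, Defender real-time protection tampering and Run-key persistence.
# Assumption: the sample's exact registry changes are unknown, so every known
# real-time protection policy value and every Run entry is reported for review.

$DefenderPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-DefenderTampering {
    # Policy values that switch off parts of real-time scanning. A value of 1
    # on a machine that is not managed by Group Policy is what an AV disabler
    # leaves behind.
    $valueNames = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                  'DisableIOAVProtection', 'DisableOnAccessProtection',
                  'DisableScanOnRealtimeEnable'
    if (Test-Path $DefenderPolicyKey) {
        $props = Get-ItemProperty -Path $DefenderPolicyKey
        foreach ($name in $valueNames) {
            if ($null -ne $props.$name) {
                [pscustomobject]@{ Source = 'Policy'; Setting = $name; Value = $props.$name }
            }
        }
    }
    # Effective state as the Defender service itself reports it; compare this
    # with the policy values above to see whether the tampering took effect.
    $status = Get-MpComputerStatus
    [pscustomobject]@{ Source = 'Service'; Setting = 'RealTimeProtectionEnabled'; Value = $status.RealTimeProtectionEnabled }
    [pscustomobject]@{ Source = 'Service'; Setting = 'BehaviorMonitorEnabled';    Value = $status.BehaviorMonitorEnabled }
    [pscustomobject]@{ Source = 'Service'; Setting = 'IoavProtectionEnabled';     Value = $status.IoavProtectionEnabled }
    [pscustomobject]@{ Source = 'Service'; Setting = 'OnAccessProtectionEnabled'; Value = $status.OnAccessProtectionEnabled }
}

function Get-RunKeyEntries {
    # Enumerate every Run value under the user and machine hives. PowerShell
    # adds PS* bookkeeping properties to Get-ItemProperty output; skip those.
    $psNoise = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $psNoise) { continue }
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

'== Windows Defender real-time protection =='
Get-DefenderTampering | Format-Table -AutoSize
'== Run-key persistence entries =='
Get-RunKeyEntries | Format-Table -AutoSize -Wrap
```

Read the Run-key output against the "Executes dropped EXE" behaviour: an entry whose command points into a user-writable location such as a temp or AppData path, and whose file hash does not belong to any installed product, is the dropped payload's persistence, and the referenced file should be collected before it is removed.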

MITRE ATT&CK Enterprise v15
