General

  • Target

    b25c7f7262731f2a322db71ca48c9fd7ef27e960c7ee4a3d92a43a92612addabN

  • Size

    469KB

  • Sample

    241113-q7s2nawnfq

  • MD5

    c27ca96780af6c83e1c0fc227ed6c510

  • SHA1

    6b8c0c78d2dfda94f661eac3d50995edb8bfc97a

  • SHA256

    b25c7f7262731f2a322db71ca48c9fd7ef27e960c7ee4a3d92a43a92612addab

  • SHA512

    c1b0665d9422d306417a02fcb2d06ff966d3d6b1a1b3f6e08b50c87aff2c1bcc6e8c7f54dca42a8301ad74f9d7caa7f89bffb3ff3878450ce8dca9d40d0ba6a1

  • SSDEEP

    12288:1y90pIfGPCg1I/p/s//HgBrfzWD38luo:1yiIf2tO/pU//A9fz438l7

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
