General

  • Target

    a1ed8c1988c02c63d3ac570ec1bb7d0c8e6558aa1571ae25d13ba356acbf8a80.exe

  • Size

    488KB

  • Sample

    241113-yqdveayckb

  • MD5

    90fc70d05df4f68068cfebbc83f7b99d

  • SHA1

    7c30af92c22ed3ea5653ba07aa14847aed684954

  • SHA256

    a1ed8c1988c02c63d3ac570ec1bb7d0c8e6558aa1571ae25d13ba356acbf8a80

  • SHA512

    d63fa7e29267cadf7e476c1b733f7e4370eefd2a8a7ba1327c5e4668af97961750b5d86b151ed27f6f19e9c4e1bd5435f4fddb03b1d04cde526c215ce9b71f48

  • SSDEEP

    12288:Fy90EyKZqLt8122LSyLzcXAwZeyK4UB28L4:Fy221wscwwZUvL4

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks