General

  • Target

    37440998c50031b62c72de16ef2e6505e42e0007e152518de51df903d9da26a1

  • Size

    414KB

  • Sample

    241113-zzq2rszblr

  • MD5

    102cbdf783d849f8efc9d2026efd44f3

  • SHA1

    bca1ff6814a9a48727560a92da13b8cd63b734ed

  • SHA256

    37440998c50031b62c72de16ef2e6505e42e0007e152518de51df903d9da26a1

  • SHA512

    0b5526e09121ef6078bfd241f41af45e6f9bcb10bb1f63316dc38f6fa040eb7b4e688488b6c84b9a453e1676127c19148f6a6d1a5a9b2a13a3a21fc130109e6c

  • SSDEEP

    6144:ckp0yN90QEzRLLo5/pzD0H4TvNRCipXZtRhvC7HcIhT7WMGwdu3nx:my90zLoX1TFRDXZtRhvCHc2Ewduh

Malware Config

Targets

    • Target

      37440998c50031b62c72de16ef2e6505e42e0007e152518de51df903d9da26a1

    • Size

      414KB

    • MD5

      102cbdf783d849f8efc9d2026efd44f3

    • SHA1

      bca1ff6814a9a48727560a92da13b8cd63b734ed

    • SHA256

      37440998c50031b62c72de16ef2e6505e42e0007e152518de51df903d9da26a1

    • SHA512

      0b5526e09121ef6078bfd241f41af45e6f9bcb10bb1f63316dc38f6fa040eb7b4e688488b6c84b9a453e1676127c19148f6a6d1a5a9b2a13a3a21fc130109e6c

    • SSDEEP

      6144:ckp0yN90QEzRLLo5/pzD0H4TvNRCipXZtRhvC7HcIhT7WMGwdu3nx:my90zLoX1TFRDXZtRhvCHc2Ewduh

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
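
The signatures above describe two host-side effects a responder can verify directly: Defender real-time protection being switched off, and a Run key being added for persistence. The following PowerShell is an added triage script, not part of the sandbox report or of either malware family's own code. It assumes the standard Defender policy and autorun registry locations (these are the usual places such settings land, not locations taken from this report), and $SamplePath is a placeholder you must point at the recovered file; the SHA256 it compares against is the one listed in this report.

```powershell
# Added triage check for the behaviours listed in this report:
# Defender real-time protection tampering and Run-key persistence.
# Run in an elevated PowerShell on the suspect Windows host.
# Registry paths below are the standard Defender policy / autorun keys
# (assumed, not taken from the report). $SamplePath is a placeholder.

$ReportSha256 = '37440998c50031b62c72de16ef2e6505e42e0007e152518de51df903d9da26a1'
$SamplePath   = 'C:\path\to\suspect.exe'   # placeholder, set to the recovered file

# 1. Confirm a recovered file is the sample this report describes.
if (Test-Path -LiteralPath $SamplePath) {
    $h = (Get-FileHash -LiteralPath $SamplePath -Algorithm SHA256).Hash.ToLower()
    if ($h -eq $ReportSha256) { Write-Output "[+] $SamplePath matches report SHA256" }
    else { Write-Output "[-] $SamplePath SHA256 $h does not match report" }
}

# 2. Defender policy values. Any of these set to 1 means protection was
#    disabled through policy, which is what the "Modifies Windows Defender
#    Real-time Protection settings" signature refers to.
$PolicyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
)
$DisableNames = @(
    'DisableAntiSpyware', 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
    'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable', 'DisableIOAVProtection'
)
foreach ($key in $PolicyKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in $DisableNames) {
        $val = $props.PSObject.Properties[$name]
        if ($null -ne $val -and $val.Value -eq 1) {
            Write-Output "[!] $key\$name = 1 (Defender protection disabled by policy)"
        }
    }
}

# 3. Effective Defender state as the engine reports it. Tamper Protection
#    can cause policy and effective state to disagree; compare with step 2.
#    Get-MpPreference requires the Defender module present on the host.
$mp = Get-MpPreference
foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableIOAVProtection') {
    if ($mp.$name) { Write-Output "[!] Get-MpPreference: $name is True" }
}

# 4. Autorun entries, for the "Adds Run key to start application" signature.
#    Every entry is printed with the hive it fires from; commands that do
#    not point into Program Files or Windows are tagged for review.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$TrustedRoot = '^"?[A-Za-z]:\\(Program Files|Program Files \(x86\)|Windows)\\'
foreach ($key in $RunKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        $flag = if ($p.Value -notmatch $TrustedRoot) { ' [check]' } else { '' }
        Write-Output ("{0}\{1} -> {2}{3}" -f $key, $p.Name, $p.Value, $flag)
    }
}
```

Run it before remediation so the evidence is captured, and treat a hit in step 2 or 3 together with an unexplained Run entry in step 4 as consistent with the dropper-plus-stealer chain this report describes; a Run entry alone is common on clean hosts and only warrants a look at the target binary. Capture the hash of each flagged autorun target with Get-FileHash so it can be compared against this report and against other samples.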

MITRE ATT&CK Enterprise v15

Tasks