General

  • Target

    9e9d08d672ca2378aebbc9f3f678c776393920febceef90fab2745185b0e8c29

  • Size

    536KB

  • Sample

    241115-a3zqmswcpn

  • MD5

    bed13e90e6e50d766cba7ca1f84c2d0c

  • SHA1

    74f8a2cacceaecd34b88aae14984cb3349105ec9

  • SHA256

    9e9d08d672ca2378aebbc9f3f678c776393920febceef90fab2745185b0e8c29

  • SHA512

    975aae9a22225bf15bb7199047c4e7c693193840711e1685e779bee1292929632b3a4879a69aadfa4bd0ff2a1e0cfb0098e61f2bd88d8984bb2c0b4d6e70db95

  • SSDEEP

    12288:Jy90IMJ+qqVCkKkbtMz8oqr0gm62amhJbTfT:JyTMJXqVCkKkbtg8omD2aABTL

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks