General

  • Target

    9df30003f6e617cf62991a6d434664c1afceff16f62af2d4cf9a2d9d4b25ec3f

  • Size

    469KB

  • Sample

    241117-jq2h5strcw

  • MD5

    747a3f172ecadce0a46a36f430a1dc07

  • SHA1

    999d010da40fbf83cb94fbf8ecc8b97bd633e738

  • SHA256

    9df30003f6e617cf62991a6d434664c1afceff16f62af2d4cf9a2d9d4b25ec3f

  • SHA512

    2035428bb6ad2de51cdc25c7241154fe138fd18ae2a38515f4466ede2af559b0534cdcebc10fb22e313fa9557d630ec5f9070f367bcfb5e28a78578164ef27d9

  • SSDEEP

    6144:g7p0yN90QEyK6p9YHpRzdqqt9qHUX4twh/qubUA5uvU/p9xVlIp7fTNRrsVpzytZ:hy90QiJRzdQHEhiuDYc/p9xMropzytZ

Malware Config

Targets

    • Target

      9df30003f6e617cf62991a6d434664c1afceff16f62af2d4cf9a2d9d4b25ec3f

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks