General

  • Target

    83868b2f2839b458a2e27b5785ed9170d119175133ff26d1acc19969ad1f5368N.exe

  • Size

    470KB

  • Sample

    241118-qnhftasmbk

  • MD5

    055e542b5c74f74b06dbf9d3fd34d6d0

  • SHA1

    c90a39d9d7b77eba11dbc6f2f2f4d7baa822cf3c

  • SHA256

    83868b2f2839b458a2e27b5785ed9170d119175133ff26d1acc19969ad1f5368

  • SHA512

    54eec41f42fbb46c221d35d57578744dd9c2400030bf4df24e3f598de21c55bbce3dfe8cdc303bcf4c007ca1b9693c83185817a9b9269318af62dd955e7c75d1

  • SSDEEP

    6144:5Tp0yN90QEeVBlC7RNuTaR4rBqUUhK6Wv5WqGOdMnRvBUUxac1gmtbER3fdtfxO2:Uy90GBlCjZ4rohivtMn4sbEh3nn

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks