General

  • Target

    3bb1d5836282e7e9156c3421d6729ec125f24aa88e43af67cc34db43c937c82a

  • Size

    1.0MB

  • Sample

    241109-ebq2msxamh

  • MD5

    a3e675e8a87858f37288f71c54b66e3a

  • SHA1

    d48242f53ef1a48f6d8cc7b548add2a49439dbfd

  • SHA256

    3bb1d5836282e7e9156c3421d6729ec125f24aa88e43af67cc34db43c937c82a

  • SHA512

    553f8e1feacf80776bdd5592faa72fbe3958962d4c5bf51f4b3a82f50895ddda0b445a0eb0871993ef1788feee3e765408654fe8a10cfa3f8523283d06ca9b71

  • SSDEEP

    24576:IRBlpCnS/scHFiubIqtKXQiS8W0n3gtGO3QEM9p8:gIAs0FP3ad3UG7p

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks