General

  • Target

    e43e26437c49079425df6bfd6997cb8052123c99d41a2f8ce159a80cc0f85597

  • Size

    559KB

  • Sample

    241109-eegblswmf1

  • MD5

    48a5656cab568cdfdc48b7fedbf9d9ff

  • SHA1

    e349711f9df63b330375829f05ee73a6672b8fe0

  • SHA256

    e43e26437c49079425df6bfd6997cb8052123c99d41a2f8ce159a80cc0f85597

  • SHA512

    b951fe7d6c9e89030dfadc2b7a5fc811c87db9e182f219a570e413545d60876770fcd3fbe6049ea9b0d95235c88eab2ab8f367976af6ecf696a2ea008fe60cc2

  • SSDEEP

    6144:6pp0yN90QESDCQWB/+C1IiTvje5ei1QAOgWp6x0iHZEcLuwmiQk1FlFe0KgxNAH8:Vy90QATWei1Qdf6uWZEcq/uxcHF6mo

Malware Config

Targets

    • Target

      e43e26437c49079425df6bfd6997cb8052123c99d41a2f8ce159a80cc0f85597

    • Size

      559KB

    • MD5

      48a5656cab568cdfdc48b7fedbf9d9ff

    • SHA1

      e349711f9df63b330375829f05ee73a6672b8fe0

    • SHA256

      e43e26437c49079425df6bfd6997cb8052123c99d41a2f8ce159a80cc0f85597

    • SHA512

      b951fe7d6c9e89030dfadc2b7a5fc811c87db9e182f219a570e413545d60876770fcd3fbe6049ea9b0d95235c88eab2ab8f367976af6ecf696a2ea008fe60cc2

    • SSDEEP

      6144:6pp0yN90QESDCQWB/+C1IiTvje5ei1QAOgWp6x0iHZEcLuwmiQk1FlFe0KgxNAH8:Vy90QATWei1Qdf6uWZEcq/uxcHF6mo

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
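
    The report flags two host-side behaviours, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", without showing how to confirm them on a machine you suspect ran this sample. The script below is an added example, not part of the sandbox report and not code from the sample; it reads the standard Defender policy key and the usual Run/RunOnce locations (these registry paths and value names are normal Windows locations, not values recovered from this sample), and hashes each Run-key target so a renamed copy of the dropper is still recognised by the SHA256 listed above. Run it in an elevated PowerShell on the host being examined.

```powershell
# Added triage example (not from the sandbox report or the sample). Checks for the two
# behaviours the report lists: Defender real-time protection overrides and Run-key persistence.
$ErrorActionPreference = 'SilentlyContinue'

# 1. Defender real-time protection policy overrides.
#    A value of 1 here disables that protection component and overrides the user-facing
#    setting; this is the standard policy location, not a path taken from the sample.
$rtpPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
$rtpValues = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
             'DisableOnAccessProtection', 'DisableScanOnRealtimeEnable',
             'DisableIOAVProtection'

Write-Host "== Defender real-time protection policy ($rtpPolicy) =="
if (Test-Path $rtpPolicy) {
    $props = Get-ItemProperty -Path $rtpPolicy
    foreach ($name in $rtpValues) {
        $v = $props.$name
        if ($null -ne $v) {
            $flag = if ($v -eq 1) { 'SUSPICIOUS' } else { 'ok' }
            Write-Host ("  {0,-30} = {1}  [{2}]" -f $name, $v, $flag)
        }
    }
} else {
    Write-Host "  key absent (no policy override present)"
}

# Cross-check the effective state Defender itself reports.
$pref = Get-MpPreference
if ($pref) {
    Write-Host "  Get-MpPreference: DisableRealtimeMonitoring = $($pref.DisableRealtimeMonitoring)"
}

# 2. Run / RunOnce persistence entries. Each target is hashed and compared with the
#    sample's SHA256 from the report, because droppers copy themselves under benign names.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# SHA256 of the sample, copied from the report above.
$sampleSha256 = 'e43e26437c49079425df6bfd6997cb8052123c99d41a2f8ce159a80cc0f85597'

Write-Host "`n== Run key entries =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own metadata properties
        $cmd = [string]$p.Value
        # Extract the executable path: quoted path, otherwise the first token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $hash = if (Test-Path $exe) {
            (Get-FileHash -Path $exe -Algorithm SHA256).Hash.ToLower()
        } else { 'file missing' }
        $flag = if ($hash -eq $sampleSha256) { 'MATCHES SAMPLE' } else { '' }
        Write-Host ("  {0}\{1}`n      {2}`n      sha256={3} {4}" -f $key, $p.Name, $cmd, $hash, $flag)
    }
}
```

    A Run-key entry whose target no longer exists ("file missing") is still worth noting: a dropper that deleted itself after staging the stealer leaves exactly that trace. A policy value of 1 under the Policies hive should be treated as hostile unless your own management tooling is known to set it.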

MITRE ATT&CK Enterprise v15

Tasks