General

  • Target

    ab2f235d205473d9c034562b255bc94867b126d3f4a63ae0947ff2b0eeefde34

  • Size

    690KB

  • Sample

    241109-ehmykaxbpe

  • MD5

    3189d1b8a1a8d51c05af732377f00fe2

  • SHA1

    8a0c7a8328afcb59ca7683519c17e65a57865d78

  • SHA256

    ab2f235d205473d9c034562b255bc94867b126d3f4a63ae0947ff2b0eeefde34

  • SHA512

    54cf30a84988921052a7ecdf236116a655995323ca4048344202f231c3d8c8d436bacf3b54f150e27b7a2d30a447e3071d6bd18ae2106164f83446572bfb646b

  • SSDEEP

    12288:ey90PwJ5PvfNuWZ0E1gSDaTUBOKPZqhZ2iy04lD2/mxQPeaka:eypp0u5yZ2T92/Yla

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks