General

  • Target

    03eee8066fc4aea6cad83546db504edf53c7b75dfdb9342ea36f8746544dffb1

  • Size

    695KB

  • Sample

    241109-eppezawpf1

  • MD5

    156ab52eb566f533ef4cb3600ee4ed21

  • SHA1

    0c77ed17148df2d06852054d18f2230ae1c07ba2

  • SHA256

    03eee8066fc4aea6cad83546db504edf53c7b75dfdb9342ea36f8746544dffb1

  • SHA512

    5467881c6d2ee3b756d984f089de67c180eee30b5274644c4f1ee5738a7b204468a5bd9e573a47a1fc4c08d691c6c6994683726bb08033aa47655de625c08ea9

  • SSDEEP

    12288:fy90rmH9/UWfXctFjwpFT1Vuwj3Wk6FH18bVKIA+dt:fyumH9MmstBoF3uwjb6FH18bVLl

Malware Config

Targets

    • Target

      03eee8066fc4aea6cad83546db504edf53c7b75dfdb9342ea36f8746544dffb1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
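
The two behaviours flagged above that leave a registry trail (Windows Defender Real-time Protection settings modified, Run key added for persistence) can be picked up from registry value-set telemetry. The following is an added example, not part of this report and not code from the sandbox: it runs simple detection logic over constructed records shaped like Sysmon Event ID 13 (RegistryEvent, value set). The image paths, value names and the SID in the sample records are made up for illustration; the Defender policy value names and the Run key paths are the standard Windows locations, not something recovered from this sample.

```python
import re

# Constructed sample records in the shape of Sysmon Event ID 13 (value set).
# Illustrative only; the images, value names and SID are not from the analysed sample.
SAMPLE_EVENTS = [
    {"Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Users\user\AppData\Roaming\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Roaming\svc.exe"},
    # Benign: Defender itself writing the value back to 0 under the non-policy key.
    {"Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Run key pointing at a system path: worth a look, but a weaker signal.
    {"Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
]

# Real-Time Protection value names that disable Defender components when set to 1.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Matches both the Group Policy key (...\Policies\Microsoft\...) and the live key.
DEFENDER_RTP_KEY = re.compile(
    r"\\(?:policies\\)?microsoft\\windows defender\\real-time protection\\([^\\]+)$", re.I)
# Per-user (HKU\<SID>\Software\...) and machine-wide (HKLM\SOFTWARE\...) Run / RunOnce keys.
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\([^\\]+)$", re.I)

# Directories an unprivileged user can write to; a Run entry pointing here is suspicious.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' Details rendering; None if not a DWORD."""
    m = re.match(r"DWORD \(0x([0-9a-f]{8})\)", details, re.I)
    return int(m.group(1), 16) if m else None


def classify(event):
    """Return a finding tag for one value-set event, or None if nothing matched."""
    target = event["TargetObject"]
    m = DEFENDER_RTP_KEY.search(target)
    if m and m.group(1).lower() in DEFENDER_RTP_VALUES:
        # Only the tampering direction (value 1) is a finding; resets to 0 are not.
        if dword_value(event["Details"]) == 1:
            return "defender_rtp_disabled"
        return None
    m = RUN_KEY.search(target)
    if m:
        if any(d in event["Details"].lower() for d in USER_WRITABLE_DIRS):
            return "run_key_userwritable_path"
        return "run_key_added"
    return None


def scan(events):
    """Apply classify() to every event and collect (tag, image, target) findings."""
    findings = []
    for e in events:
        tag = classify(e)
        if tag:
            findings.append((tag, e["Image"], e["TargetObject"]))
    return findings


if __name__ == "__main__":
    for tag, image, target in scan(SAMPLE_EVENTS):
        print(f"{tag:26s} {image}\n{'':26s} -> {target}")
```

Two design choices are worth noting. The Defender check deliberately ignores writes that set the value to 0, because Defender and management tooling legitimately touch these values; only the disabling direction is tampering. The Run key check grades the finding by the path the entry points at: a Run value whose command lives under AppData, Temp or ProgramData, written by an image in the same kind of directory, is the pattern that matches "Executes dropped EXE" followed by "Adds Run key to start application" and deserves priority over a Run entry pointing into System32.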

MITRE ATT&CK Enterprise v15

Tasks