General

  • Target

    bb4f871e94aa63e26356d8ff723680c13b3f6cb3f32b9747b8fcbbfa071913d3

  • Size

    567KB

  • Sample

    241109-f3znja1ngk

  • MD5

    05e54beb4d562bd92d7ed44a53154fb8

  • SHA1

    094d5e8916ad4e36f6da940b78271a4899c2f9c3

  • SHA256

    bb4f871e94aa63e26356d8ff723680c13b3f6cb3f32b9747b8fcbbfa071913d3

  • SHA512

    4b828c4e03da9417fe3ea351a288644b904c9d7e91d66a0eab5f74a2363f2b3c05d30ec26c1fc67fdcd341f316d7440ba0668fa02cc09be0bbe39a81ea51fd4c

  • SSDEEP

    12288:dy90xoc4o/S/DsuJhY91uG6qP5Q7lyZTt:dy+Io+scI1bn5kw

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks