General

  • Target

    b448b04ac24d8fea46688845c0727ab3956f2782a0f95b76e1a515d220087044

  • Size

    936KB

  • Sample

    241109-fs8hpaybpd

  • MD5

    b73e5752ac0ba793c7b1d21672663870

  • SHA1

    30fde319691396fbfccc4daa6436d968e7502bc5

  • SHA256

    b448b04ac24d8fea46688845c0727ab3956f2782a0f95b76e1a515d220087044

  • SHA512

    9e270c68ba259464fe298ff656b3fdb8cea86eb194aa045d4442425b9b21dbd81bae7b924d090b05a48d7e7d6d44c00f26355e7d3d39a112313260d2772c3869

  • SSDEEP

    12288:Ay90GtLj+X5ZWvvHtvtP4ys6VmTThDCdF63rjqgKepgVlyOt/WtDwFdh:AyFtLKivKyhmTTtYe6VlyOKMx

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks