General

  • Target

    b4862d5cab448b8b82645be99142d30f098a15a1e04d44668b017b1728973438

  • Size

    376KB

  • Sample

    241109-ftcseaybpf

  • MD5

    181d6bf1328831d5577b586c18cb3b2b

  • SHA1

    eb1b88c1aa96b05b86c64e39ea3d8e077de6a53e

  • SHA256

    b4862d5cab448b8b82645be99142d30f098a15a1e04d44668b017b1728973438

  • SHA512

    2aa77f8c320e902eae0eec7d1fef9852eae85411cb048f16303f372d491395957947709e2ea4058e809f9bbe18af062a1cf58058517231cb92c177fd632c513b

  • SSDEEP

    6144:Kqy+bnr+Wp0yN90QEbcxHODW8HmDqd88MPYhuYR5QqhfQq+7P1Ix5bH6L8CqdQfU:iMrSy905cHWWSi8MgUYjQgQq+jS5L6Lq

Malware Config

Targets

    • Target

      b4862d5cab448b8b82645be99142d30f098a15a1e04d44668b017b1728973438

    • Size

      376KB

    • MD5

      181d6bf1328831d5577b586c18cb3b2b

    • SHA1

      eb1b88c1aa96b05b86c64e39ea3d8e077de6a53e

    • SHA256

      b4862d5cab448b8b82645be99142d30f098a15a1e04d44668b017b1728973438

    • SHA512

      2aa77f8c320e902eae0eec7d1fef9852eae85411cb048f16303f372d491395957947709e2ea4058e809f9bbe18af062a1cf58058517231cb92c177fd632c513b

    • SSDEEP

      6144:Kqy+bnr+Wp0yN90QEbcxHODW8HmDqd88MPYhuYR5QqhfQq+7P1Ix5bH6L8CqdQfU:iMrSy905cHWWSi8MgUYjQgQq+jS5L6Lq

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks