General

  • Target

    4369386182048fb98ed51ea067bfc25c7dc8dd0d5021f442e25ce4bfe00d3b4c

  • Size

    920KB

  • Sample

    241109-xsbbmazjbw

  • MD5

    6561b1e3508cd78bb7666a9c2a6f8de8

  • SHA1

    eb34661d16a50273f38f2d549d64a6a0a30f9f2f

  • SHA256

    4369386182048fb98ed51ea067bfc25c7dc8dd0d5021f442e25ce4bfe00d3b4c

  • SHA512

    d50b6355f5cf910ddafc238e1d765e0078611075c5e7866b44ca82f23abd57d5ba3138eb4e5bb0c9b0391576b60da16202ad7a73c417f731e7d81298d4728416

  • SSDEEP

    24576:TyaC0yfJ5pBXgChpR2cXIWKM44112em9c7NT7oo:ma3439PD2cJjG9c7NT

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
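
The three host behaviours flagged above (Defender real-time protection modified, a Run key added for persistence, a dropped EXE executed) are the ones a defender would want to hunt for outside the sandbox. The script below is an added example, not part of the sandbox report or of any Triage/RedLine tooling: it applies the corresponding detection logic to Sysmon-style records (Event ID 13, registry value set; Event ID 1, process create). The event records, image paths and value names are constructed for the example; the tag names and helper functions are my own. The Defender check fires only when the policy value is set to a non-zero DWORD, so an administrator re-enabling protection (value 0) is not flagged.

```python
"""Hunt for the registry and process behaviours a RedLine/Healer-style
dropper exhibits, over Sysmon-like event dictionaries.

Added example; the SAMPLE_EVENTS below are constructed, not real telemetry.
ATT&CK mapping: T1562.001 (disable Defender), T1547.001 (Run key),
T1204/T1059-adjacent 'dropped EXE executed' (user-writable path).
"""
import re

# Policy values under Windows Defender\Real-Time Protection that switch
# off parts of the real-time engine when set to 1. Matched case-insensitively.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
DEFENDER_RTP_KEY = re.compile(
    r"\\software\\(policies\\)?microsoft\\windows defender\\real-time protection\\",
    re.IGNORECASE,
)
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.IGNORECASE
)
# User-writable locations a dropper typically writes its second stage to.
DROP_DIRS = re.compile(
    r"\\(appdata\\(local|roaming)|temp|programdata|users\\public)\\", re.IGNORECASE
)
DWORD_DETAILS = re.compile(r"DWORD \(0x([0-9A-Fa-f]+)\)")


def value_name(target_object):
    """Last path component of a Sysmon TargetObject, i.e. the value name."""
    return target_object.rsplit("\\", 1)[-1]


def is_nonzero_dword(details):
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'; True if != 0."""
    m = DWORD_DETAILS.search(details)
    return bool(m) and int(m.group(1), 16) != 0


def classify_registry_event(event):
    """Tags for one Sysmon Event ID 13 (RegistryEvent: value set) record."""
    tags = []
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    if (DEFENDER_RTP_KEY.search(target)
            and value_name(target).lower() in DEFENDER_RTP_VALUES
            and is_nonzero_dword(details)):
        tags.append("defender_realtime_protection_modified")  # T1562.001
    if RUN_KEY.search(target):
        tags.append("run_key_persistence")  # T1547.001
    return tags


def classify_process_event(event):
    """Tags for one Sysmon Event ID 1 (ProcessCreate) record."""
    image = event.get("Image", "")
    if image.lower().endswith(".exe") and DROP_DIRS.search(image):
        return ["dropped_exe_executed"]
    return []


def triage(events):
    """Return one hit per event that matched at least one behaviour."""
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13:
            tags = classify_registry_event(ev)
        elif eid == 1:
            tags = classify_process_event(ev)
        else:
            tags = []
        if tags:
            hits.append({"event_id": eid, "image": ev.get("Image", ""), "tags": tags})
    return hits


# Constructed records: three malicious, two benign controls.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\sample.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\updater.exe"},
    {"EventID": 1, "Image": r"C:\Users\bob\AppData\Roaming\updater.exe",
     "ParentImage": r"C:\Users\bob\AppData\Local\Temp\sample.exe"},
    # Benign: an admin script setting the policy value back to 0.
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Benign: an installed application starting from Program Files.
    {"EventID": 1, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

Run it as-is to see the three hits; to use it on real data, map your Sysmon export (e.g. from the Windows event XML or a SIEM JSON dump) onto the EventID/Image/TargetObject/Details fields used here. Tune DROP_DIRS to your estate, since legitimate per-user installers also run from AppData.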

MITRE ATT&CK Enterprise v15