General

  • Target

    bc74c13f16ae5b3672ed4a7a6ad3b9bc3f4e19f186a3b1835da71950378c036d

  • Size

    706KB

  • Sample

    241109-xswybszfrb

  • MD5

    5ca31c39cd15fad7dcd017eb6a21155a

  • SHA1

    c46ae8e8b8d3c99de12c6ce8dc8e9504d0050cda

  • SHA256

    bc74c13f16ae5b3672ed4a7a6ad3b9bc3f4e19f186a3b1835da71950378c036d

  • SHA512

    7817730b44a8324c82bdab53e422dfd7727b7b073c6182ae1eac2e59f2da95cfad1ce7de831b4d60cfb4d2cfc55f732c645dce4a3b29a39c7d1ee360847c2873

  • SSDEEP

    12288:Sy90C6MYidfirSQ8KbQSksmgyPq+51drVJY8c02hZ/02T5DvL:Syb61pZ+DyurVTcJcw5Dj

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks