General

  • Target

    2bbe6912a51a972e35af5f2f77c11ff5f674e3366a74f6e44f9acbb9a72b5d37

  • Size

    702KB

  • Sample

    241110-b7271awlhw

  • MD5

    3dd5b1f34c7b06dad2444d78a91719c7

  • SHA1

    86dc17169ca67895809d39a1fa2c6a4b0ddfa68f

  • SHA256

    2bbe6912a51a972e35af5f2f77c11ff5f674e3366a74f6e44f9acbb9a72b5d37

  • SHA512

    65b20ef403cf92fca7b3882e6186c2d03d037eb5a0904dc4111281989a7d801bf3a7393523c611eb825110749ab1666a344598160ac673ed12a837652e8edb7b

  • SSDEEP

    12288:ly90n6msPeH0Nk4V2+N5wLPnEG28o9w2vQF2vM2JE71KTbcOL:lyAneNI+/cEGqwSUn2JExE

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks