General

  • Target

    e28a1efb1a8d37c09910cfcc9691a6c132b3ad81a388f23b452de804a58948a7

  • Size

    828KB

  • Sample

    241110-b76kesxbld

  • MD5

    229852477256b5f4f71f901543b50365

  • SHA1

    bd972cc857e85043895fb2567343e94ae95a4c26

  • SHA256

    e28a1efb1a8d37c09910cfcc9691a6c132b3ad81a388f23b452de804a58948a7

  • SHA512

    44a100b82fc90c79be99a09392f71919355567538aec3be547a61250e958543035ab585bccfc06a2ae2b325173f02de61bc597df761dd9222a5dfd9c59fd1bc5

  • SSDEEP

    24576:AyBVtM13ZBaObQqQ9UFfQm8GXaPYTM9VL6bf:HDtM7BHbQqMUFfQaaPYkV

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks