General

  • Target

    1554e29fb01a9363629c940c1e83c1d2bda375e7a650a761e145cddb9c671297

  • Size

    562KB

  • Sample

    241110-b9hldaxbnb

  • MD5

    196f9e0f4d6081ac88b8d1f72e55c77e

  • SHA1

    766d25164e58317e32a98a48a23182f9b38d5040

  • SHA256

    1554e29fb01a9363629c940c1e83c1d2bda375e7a650a761e145cddb9c671297

  • SHA512

    e569501cc8e5a7754da01229eb3e4a3cc4d2c3c45accb8229a46927a757ac109d21a80b335bd3492adcc022104a4419a6ec3127d6898c0bc95f51b1e74cddd93

  • SSDEEP

    12288:My90Rml7cRbxvUe/ooSIftaorDIe7i3KJZFnm:MyOmFWxvbQkft1r8bwFnm

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks