General

  • Target

    5e774b79ac0b3b80b808bc364d546818495ea90ecde07072f3220e6c7a3c80a8

  • Size

    1.1MB

  • Sample

    241110-bm85tawfma

  • MD5

    c2b4b8f2cb603456c23725ed41dedd8f

  • SHA1

    ce7b02fb07ce63496fb9bddbed9fdcc95e1e2e30

  • SHA256

    5e774b79ac0b3b80b808bc364d546818495ea90ecde07072f3220e6c7a3c80a8

  • SHA512

    33dc5a40a77db36511a5b28ba906dd6883edd4ba2f2f95804d902a728478e6b15284b1ef3ce9b5a65bd290e32b59fd76e4319564f7a212e0b4db405ba223e5de

  • SSDEEP

    24576:TyLOqxXGRxSCalyWUkazr8HRXEy9d40C8PjxnSNzKCVEx6P:mB2xSCarUlox140C8PjQNNVEx6

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is a dropper that disables antivirus protection (here, Windows Defender real-time protection) before launching its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
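The three behavioural signatures above (Defender real-time protection tampering, a dropped EXE being executed, and a Run key added for persistence) map directly onto registry telemetry. The block below is an added example, not code from the sandbox vendor or from this report: it runs detection logic over constructed Sysmon-style registry "value set" (Event ID 13) records. The Defender policy paths and value names are the documented Windows Defender Group Policy locations; the `Image=...|TargetObject=...|Details=...` line format is an assumed flattened rendering of the event fields, not Sysmon's native XML, and the file names and paths in the sample records are invented for the example.

```python
"""Flag Defender real-time protection tampering and Run-key persistence
in Sysmon-style registry events (added example, constructed input)."""
import re
from dataclasses import dataclass

# Documented Defender policy values under
# HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection;
# writing DWORD 1 to any of them disables that protection component.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
DEFENDER_POLICY_RE = re.compile(
    r"\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\(\w+)$",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$",
    re.IGNORECASE,
)
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData|ProgramData|Users\\Public)\\", re.IGNORECASE)


@dataclass
class RegEvent:
    image: str    # process that wrote the value
    target: str   # full registry path of the value written
    details: str  # data written; Sysmon renders DWORDs as "DWORD (0x00000001)"


def parse_sysmon_line(line):
    """Parse the assumed flattened 'Key=Value|Key=Value' rendering of an Event ID 13."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split("|"))
    return RegEvent(fields["Image"], fields["TargetObject"], fields.get("Details", ""))


def dword_value(details):
    """Extract the numeric value from Sysmon's 'DWORD (0x........)' rendering."""
    m = re.search(r"0x([0-9a-fA-F]{8})", details)
    return int(m.group(1), 16) if m else None


def classify(ev):
    """Return a list of (signature, detail) hits for a single registry event."""
    hits = []
    m = DEFENDER_POLICY_RE.search(ev.target)
    # Only a write of 1 is tampering; a policy reset to 0 re-enables protection.
    if m and m.group(1) in DEFENDER_RTP_VALUES and dword_value(ev.details) == 1:
        hits.append(("Modifies Windows Defender Real-time Protection settings", m.group(1)))
    if RUN_KEY_RE.search(ev.target):
        hits.append(("Adds Run key to start application", ev.details))
        # Persistence pointing at a user-writable path is the stronger indicator:
        # that is where a dropped payload usually lives.
        if USER_WRITABLE_RE.search(ev.details):
            hits.append(("Run key points at user-writable path", ev.details))
    return hits


def triage(lines):
    """Aggregate hits per writing process so the disabler and the persisting payload stand out."""
    by_image = {}
    for line in lines:
        ev = parse_sysmon_line(line)
        for hit in classify(ev):
            by_image.setdefault(ev.image, []).append(hit)
    return by_image


# Constructed sample telemetry (not from the sample's actual sandbox run).
SAMPLE_EVENTS = [
    "Image=C:\\Users\\victim\\AppData\\Local\\Temp\\healer.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000001)",
    "Image=C:\\Users\\victim\\AppData\\Local\\Temp\\healer.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableBehaviorMonitoring"
    "|Details=DWORD (0x00000001)",
    "Image=C:\\Users\\victim\\AppData\\Local\\Temp\\dropped.exe"
    "|TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"
    "|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    # Benign: policy set back to 0 by a system process, no hit expected.
    "Image=C:\\Windows\\System32\\svchost.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"
    "|Details=DWORD (0x00000000)",
    # Benign: an installer writing under Uninstall, not a Run key.
    "Image=C:\\Program Files\\Vendor\\app.exe"
    "|TargetObject=HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\App\\DisplayName"
    "|Details=App",
]

if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(image)
        for sig, detail in hits:
            print(f"  [{sig}] {detail}")
```

The two benign records show the checks a naive rule misses: a DWORD 0 written to the same Defender policy value is a re-enable, not tampering, and a write under `CurrentVersion\Uninstall` shares a prefix with the Run keys but is not persistence. On a live host the same policy values can be read with `Get-MpPreference` or directly from the registry to confirm what the sandbox observed.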

MITRE ATT&CK Enterprise v15

Tasks