General

  • Target

    427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612

  • Size

    966KB

  • Sample

    241110-bmewzayqcl

  • MD5

    8bcd58216755fe1f11a7715214a7774a

  • SHA1

    5603c9700a96761cd13d7ad8ad09c854a7fb5f34

  • SHA256

    427e98eabb9efdac2054455e1dfb186f8e761ebbac81209d7373e3137d06c612

  • SHA512

    d26a5f6dbb533efc6a382ae8a51b0f18a532cd5d2d7dcda40aa4c4e537f2c8d3f16cbb8b61afbe6a17388290c99256d0f34c4288ed0e559dc87ca5bd7ffaabc8

  • SSDEEP

    24576:EygR5Su+2AAxOG65cL+rrZcnUkMiGJCVlewuc:TWcu+2lxOGSjynAiQCVYj

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks