General

  • Target

    b866aff4c6b3363e0135288aefe3470c8d883f7172d6fea39a63434dc2b3173c

  • Size

    935KB

  • Sample

    241110-bmkr8awfld

  • MD5

    e1db4e1834db5f762a3b249960732d06

  • SHA1

    e741d40d7e9fee649381b9eac87db2abec1d7df7

  • SHA256

    b866aff4c6b3363e0135288aefe3470c8d883f7172d6fea39a63434dc2b3173c

  • SHA512

    e8af1afe2e4788f1a41ca2d356675afd2e32207576959eb137b87de9bccba38c5b4a74271a8c3665656a3276bc91c8349517287285adff8d67785e32d55005c4

  • SSDEEP

    24576:cy6csZ8qT02kh8y/hnLzBBgP9xjw/MFBVV:LJsdo4AXAXw0T

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks