General

  • Target

    e2081271607ea1c754d6c5b9d46a6bf05189113a45da8a1a4a227a0483e08c3d

  • Size

    935KB

  • Sample

    241110-bmn5mswekj

  • MD5

    3462a1d3dd662e6d0fbdb1c3d403f77c

  • SHA1

    8d525c5f65133740e322e0ad4797eba14d7a4987

  • SHA256

    e2081271607ea1c754d6c5b9d46a6bf05189113a45da8a1a4a227a0483e08c3d

  • SHA512

    f124b2f295cfff6154ed96f3af123dd1cf2d8a2353b337c9e3c966d9fbf632177fe54458d6e4b902ad0b33f3ddb2e22e56e7a7aacecd9c283ea4c04ce1ad9665

  • SSDEEP

    12288:2y90qRNvCIbIzdGdnkrppYjTcYZvfxZ+lxfsCDIR9iaqe5WmJ/402kihDOkhptKK:2yfRk6Hn+pucYOuCxzeub/hhKK

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks