General

  • Target

    df4711ee8244a839a85066f76c82bf7bb3438acdaf1f6e4bdba6ecb3604431a4

  • Size

    806KB

  • Sample

    241110-bnlqxawfmf

  • MD5

    b58ba40696d920ad965f97bbeaf09f7f

  • SHA1

    e2448b487de718ae90f5c872a602a1e13b0b4ada

  • SHA256

    df4711ee8244a839a85066f76c82bf7bb3438acdaf1f6e4bdba6ecb3604431a4

  • SHA512

    2aa88d43d2b9e28753b5edeb8734f703a834f402271156f19ef556ac1af7d2c584e116679dfea98ea6d7ae6e8acccd92bf02d82ae56fb7a3c36933ec793c8c62

  • SSDEEP

    12288:ry90zLPZhmWF5VtFGb/B923EgyAa1fBZ0v4pc6P8QU+adugOlzpFFV:ryELPZNF5Jo/Bk0H1pmv4pZP8Sv

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks