General

  • Target

    f23b461bc192214f4ee83506748686f6010fd5b1720ec5a7cfa559b7106869da

  • Size

    560KB

  • Sample

    241110-bnmcfawfmg

  • MD5

    57c490621c7747020dc6941e79105af0

  • SHA1

    ea397af5075f81692928b9fd927ba2df54aa7ea5

  • SHA256

    f23b461bc192214f4ee83506748686f6010fd5b1720ec5a7cfa559b7106869da

  • SHA512

    a9239e1aee17d85ecdcaef80c65dcd94062da8079678835e228ab77793e3bb120ceb208f187dbec9d5078ad65a1253c455680e327498aa78264844a05a662b70

  • SSDEEP

    12288:/y90VO/mbgy3aqZ49sb6J3o3l09SmPxFM:/y3/ygy3akHmY3l0J7M

Malware Config

Targets

    • Target

      f23b461bc192214f4ee83506748686f6010fd5b1720ec5a7cfa559b7106869da

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks