General

  • Target

    86efe8458f19b9bdf9243150354534218832b27d2b31ace6a2a13df256e5d8cb

  • Size

    1.0MB

  • Sample

    241110-bp1lfswfqa

  • MD5

    a8e3639ecb4a500fc6f2f945ee422113

  • SHA1

    b36e4b9c41c9e3a2c32cf5e9b901e66ee046d991

  • SHA256

    86efe8458f19b9bdf9243150354534218832b27d2b31ace6a2a13df256e5d8cb

  • SHA512

    43795977a81d1d411380b41ff51933a8365a3399973733fa5b3a9ee7ecf01a697f488aaaf7eab1110196f263f3ae85109f9da65baa3fa58d44ce25c787abae34

  • SSDEEP

    24576:YcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:omZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

Malware Config

Targets

    • Target

      86efe8458f19b9bdf9243150354534218832b27d2b31ace6a2a13df256e5d8cb

    • Size

      1.0MB

    • MD5

      a8e3639ecb4a500fc6f2f945ee422113

    • SHA1

      b36e4b9c41c9e3a2c32cf5e9b901e66ee046d991

    • SHA256

      86efe8458f19b9bdf9243150354534218832b27d2b31ace6a2a13df256e5d8cb

    • SHA512

      43795977a81d1d411380b41ff51933a8365a3399973733fa5b3a9ee7ecf01a697f488aaaf7eab1110196f263f3ae85109f9da65baa3fa58d44ce25c787abae34

    • SSDEEP

      24576:YcIu58c6Od3W36hmxGaKc1HIcf0ErjxO+TtR1N2VRDrcG3:omZ6Od3WqFaKc1Hh8ErdOWR1N2fDrc

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
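
Two of the behaviours listed above, the Windows Defender Real-time Protection modification and the Run key added for start-up, are the ones a defender can most easily hunt for in endpoint telemetry. The block below is an added example, not part of this report and not the sandbox's own signature logic: a small Python detector run over constructed Sysmon-style registry events (Event ID 13, value set). The Defender policy value names, the `Field=value|Field=value` event layout and the sample event lines are assumptions chosen for illustration; the report itself names only the behaviours, not the exact registry values the sample wrote.

```python
"""Added example: a detector for two behaviours the report lists (Defender
Real-time Protection tampering and Run-key persistence) run over constructed
Sysmon-style registry events. Not the sandbox's own logic."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption: the well-known Defender policy key and the DWORD values a dropper
# sets to 1 to switch real-time protection off. The report only names the
# behaviour; it does not list which values were written.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}

# Run / RunOnce under HKCU, HKLM, or a Sysmon-style HKU\<SID> path.
RUN_KEY_RE = re.compile(
    r"^(HKCU|HKLM|HKU\\[^\\]+)\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)

# Paths a standard user can write to; a Run value pointing here is suspicious.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|ProgramData|Public)\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str    # which behaviour fired
    image: str   # process that wrote the value
    target: str  # registry value name
    detail: str  # data written


def parse_event(line: str) -> dict:
    """Parse a constructed 'Field=value|Field=value' line into a dict."""
    return dict(field.split("=", 1) for field in line.split("|"))


def dword_value(details: str) -> Optional[int]:
    """Sysmon renders DWORD data as 'DWORD (0x00000001)'; return the integer."""
    m = re.fullmatch(r"DWORD \((0x[0-9A-Fa-f]+)\)", details.strip())
    return int(m.group(1), 16) if m else None


def detect(events: Iterable[dict]) -> List[Finding]:
    findings = []
    for ev in events:
        if ev.get("EventID") != "13":  # Sysmon 13 = RegistryEvent (Value Set)
            continue
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        image = ev.get("Image", "")
        key, _, value_name = target.rpartition("\\")

        # Defender real-time protection switched off (ATT&CK T1562.001).
        if (key.lower() == DEFENDER_RTP_KEY.lower()
                and value_name in DEFENDER_RTP_VALUES
                and dword_value(details) == 1):
            findings.append(Finding("defender_rtp_disabled", image, value_name, details))
        # Run-key persistence (ATT&CK T1547.001); flag a user-writable target path.
        elif RUN_KEY_RE.match(target):
            rule = "run_key_persistence"
            if USER_WRITABLE_RE.search(details):
                rule += "_user_writable"
            findings.append(Finding(rule, image, value_name, details))
    return findings


def run_detection(lines: Iterable[str]) -> List[Finding]:
    return detect(parse_event(line) for line in lines)


# Constructed sample events; not taken from the report.
SAMPLE_EVENTS = [
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater|Details=C:\Users\user\AppData\Roaming\updater.exe",
    r"EventID=13|Image=C:\Windows\explorer.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)",
    r"EventID=12|Image=C:\Users\user\AppData\Local\Temp\sample.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection|Details=",
    r"EventID=13|Image=C:\Program Files\Windows Defender\MsMpEng.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000000)",
]

if __name__ == "__main__":
    for f in run_detection(SAMPLE_EVENTS):
        print(f"{f.rule:35} {f.image}  {f.target} = {f.detail}")
```

The negative cases in the constructed events matter as much as the hits: a key-creation event (ID 12) without data, a value under `CurrentVersion\Explorer` rather than `Run`, and Defender itself writing the policy value back to 0 are all left alone, so the rule fires on the disabling write and the persistence write and nothing else.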

MITRE ATT&CK Enterprise v15

Tasks