General

  • Target

    aaff4ebab5a603903b8187ff7a529bc542fb535881f4b59fd729aa74c3fcc3b8

  • Size

    376KB

  • Sample

    241110-bpbx4awfpa

  • MD5

    dc69e255556cf0467bcbefbb119ce140

  • SHA1

    f177f9736bf343747c1347b27ed17d5540ceec3c

  • SHA256

    aaff4ebab5a603903b8187ff7a529bc542fb535881f4b59fd729aa74c3fcc3b8

  • SHA512

    fd3679ebd3f25631df9b25cd71116013c92424fb188723663c181ffaa2c8a4d7e3378bc71178b9ca05390621b13cbafc0c617bfd9e95560846b40200292315ab

  • SSDEEP

    6144:K9y+bnr+cp0yN90QE6MPHZcKzMeKd1cSDfdNcr7:XMrQy90AwHZcGGFdN+

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks