General

  • Target

    b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe

  • Size

    1.5MB

  • Sample

    241110-bpezravrcv

  • MD5

    9809716a678485184f66c13bc678beec

  • SHA1

    4ff102ea598e8cc76c5d879366f3967bb77b6f51

  • SHA256

    b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe

  • SHA512

    7a2c3ab6c4dc67a67d950cbfdc950600000c374463f9486d19a6173bbabe3f1a2bd0a394e191f1a8f1ebfc6744e8f3171fecb7dec9d1a54dda9b4c58f070c525

  • SSDEEP

    49152:XSCCUTqqkPvi+b7DdZP1L56dQo4kuKePm:oVFPaQJZPNgdQovA

Malware Config

Targets

    • Target

      b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe

    • Size

      1.5MB

    • MD5

      9809716a678485184f66c13bc678beec

    • SHA1

      4ff102ea598e8cc76c5d879366f3967bb77b6f51

    • SHA256

      b19d01ea086642084884e2927075e98f8341327406c685e457420cb96dceffbe

    • SHA512

      7a2c3ab6c4dc67a67d950cbfdc950600000c374463f9486d19a6173bbabe3f1a2bd0a394e191f1a8f1ebfc6744e8f3171fecb7dec9d1a54dda9b4c58f070c525

    • SSDEEP

      49152:XSCCUTqqkPvi+b7DdZP1L56dQo4kuKePm:oVFPaQJZPNgdQovA

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks