General

  • Target

    306e1f227d460e2811161a9db8d2eb52a2368b2f98870fa146a9c299cc0a075c

  • Size

    697KB

  • Sample

    241110-bsgyhsyrbr

  • MD5

    7cdaf3891ba1c064b6600038eac7e8bb

  • SHA1

    f020fadd69c223e97f9c1c6f796303108dbce9e9

  • SHA256

    306e1f227d460e2811161a9db8d2eb52a2368b2f98870fa146a9c299cc0a075c

  • SHA512

    bd3e821c2ed19952922086c16ad0c72edde5fcd82b8c3dac3ead2edf74eab4c2712c325456f276b0011185e4991e7d8211896ea8b91b42b0668c8aef4debe455

  • SSDEEP

    12288:Sy90xXSiNGWPBtwmUeCunQDoZ5Dzz74oBHgKkW5r84gjlnRDnwA:Sy2xNXZtxPQDo3XzVBAKkWp84gjlnRDz

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
