General

  • Target

    3b2a70ab057a89e4fa4c8980396e0937e8f3cc4410bf3502525d1191621e5fd2

  • Size

    690KB

  • Sample

    241110-bthlfayrdr

  • MD5

    b7e0f215efae4921857afd8bfeddb797

  • SHA1

    0d27b0c1358676e28b09fdfc62abd52ae8bd676e

  • SHA256

    3b2a70ab057a89e4fa4c8980396e0937e8f3cc4410bf3502525d1191621e5fd2

  • SHA512

    7ba2597c31e69f1a38ca3c3b88842b89907a907ddd56bc92eed12d73c53df3b8f8fd153163245e78f242766386a2c4ddea48be42e5f82c9c6678a9f67428822e

  • SSDEEP

    12288:Py90rN+EA34KXcBjc1L9vf1WwSHK2bG7ZJeBU0ArH2/mc+5alwJnF:Pyzp3sKzcwiK2bGdJegz2/x+5alwJnF

Malware Config

Targets

    • Target

      3b2a70ab057a89e4fa4c8980396e0937e8f3cc4410bf3502525d1191621e5fd2

    • Size

      690KB

    • MD5

      b7e0f215efae4921857afd8bfeddb797

    • SHA1

      0d27b0c1358676e28b09fdfc62abd52ae8bd676e

    • SHA256

      3b2a70ab057a89e4fa4c8980396e0937e8f3cc4410bf3502525d1191621e5fd2

    • SHA512

      7ba2597c31e69f1a38ca3c3b88842b89907a907ddd56bc92eed12d73c53df3b8f8fd153163245e78f242766386a2c4ddea48be42e5f82c9c6678a9f67428822e

    • SSDEEP

      12288:Py90rN+EA34KXcBjc1L9vf1WwSHK2bG7ZJeBU0ArH2/mc+5alwJnF:Pyzp3sKzcwiK2bGdJegz2/x+5alwJnF

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
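
The two behaviours flagged above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", correspond to registry writes that endpoint telemetry can catch outside the sandbox. The following is an added example and is not part of this report or of the sandbox's own signature logic. The registry paths are the documented Defender real-time protection policy keys and the standard Run/RunOnce autostart keys (RunOnce is included here as a closely related location the signature name does not mention); the Sysmon Event ID 13 style records, process paths and the value name "Updater" are constructed for illustration, not taken from this sample's trace.

```python
import re

# Registry keys Defender honours for real-time protection policy. Writing a
# non-zero DWORD to one of the listed values turns that component off.
DEFENDER_RTP_KEYS = {
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection".lower(),
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection".lower(),
}
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}

# Machine-wide and per-user autostart keys. Sysmon reports HKCU writes under
# HKU\<SID>\..., so that form is accepted as well. RunOnce is an extension
# beyond the literal "Run key" signature name.
RUN_KEY_RE = re.compile(
    r"^(?:HKLM|HKCU|HKU\\S-1-5-21-[\d-]+)\\Software\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run(?:Once)?$",
    re.IGNORECASE,
)
# Sysmon renders REG_DWORD data as "DWORD (0x00000001)".
DWORD_RE = re.compile(r"^DWORD \((0x[0-9a-fA-F]{8})\)$")


def split_target(target_object):
    """Split a Sysmon TargetObject into (key path, value name)."""
    key, _, value = target_object.rpartition("\\")
    return key, value


def classify(event):
    """Tag one registry value-set event, or return None when it matches
    neither behaviour checked here."""
    key, value = split_target(event["TargetObject"])
    details = event.get("Details", "")

    if key.lower() in DEFENDER_RTP_KEYS and value.lower() in DEFENDER_RTP_VALUES:
        m = DWORD_RE.match(details)
        # Only a non-zero DWORD disables protection. A write of 0 (for
        # example a group policy refresh re-enabling monitoring) must not fire.
        if m and int(m.group(1), 16) != 0:
            return "defender_rtp_disabled"
        return None

    if RUN_KEY_RE.match(key):
        return "run_key_persistence"

    return None


def scan(events):
    """Run classify() over a list of events; return (tag, image, target) hits."""
    hits = []
    for ev in events:
        tag = classify(ev)
        if tag:
            hits.append((tag, ev["Image"], ev["TargetObject"]))
    return hits


# Constructed Sysmon Event ID 13 style records for illustration only; they are
# not taken from the sandbox trace of the sample above.
SAMPLE_EVENTS = [
    {
        "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
        "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        "Details": "DWORD (0x00000001)",
    },
    {
        "Image": r"C:\Users\user\AppData\Local\Temp\dropper.exe",
        "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"C:\Users\user\AppData\Roaming\Updater\updater.exe",
    },
    {   # Policy refresh turning real-time monitoring back on: must not fire.
        "Image": r"C:\Windows\System32\svchost.exe",
        "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
        "Details": "DWORD (0x00000000)",
    },
    {   # Unrelated service configuration write: must not fire.
        "Image": r"C:\Windows\System32\services.exe",
        "TargetObject": r"HKLM\SYSTEM\CurrentControlSet\Services\Spooler\Start",
        "Details": "DWORD (0x00000002)",
    },
]


if __name__ == "__main__":
    for tag, image, target in scan(SAMPLE_EVENTS):
        print(f"{tag:24} {image}  ->  {target}")
```

The value check matters in practice: the same key and value name are written legitimately when policy is refreshed or protection is re-enabled, so matching on path alone produces noise. Writes to the HKLM policy key also require elevation, which is consistent with the separate "Windows security modification" signature in this report.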

MITRE ATT&CK Enterprise v15

Tasks