General

  • Target

    9ebb32ade38c26f898c85f6108e0e4efb679ddb4b85c00e601a321477cf31841

  • Size

    707KB

  • Sample

    241110-bwp4aswjf1

  • MD5

    12bae2f9e7607766300867e0214e8f99

  • SHA1

    e6e8c016de3d48b28b2eaad41dfbec415a2a528a

  • SHA256

    9ebb32ade38c26f898c85f6108e0e4efb679ddb4b85c00e601a321477cf31841

  • SHA512

    0157783ed21aeb54fb22555474bbf53b603086f044b7e87406f3a3b47ceab6ead3b6e2e94247e3e76132617761c5f4abf3e03d3a9451e736c4237e8e642755e9

  • SSDEEP

    12288:3y90A9UvPrvhssNO91SEt8Xk34GcCSOoBy6Z/cl8J9LAlANS:3yt94dA58Xk7c6K1B99S

Malware Config

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks