General

  • Target

    f00f90730a46228e0bab05ff077aebfdfb79165fc096655d13f30584409659fd

  • Size

    558KB

  • Sample

    241110-bwtrgswhkc

  • MD5

    c0583367913cb3bfacec39190df16ae5

  • SHA1

    1db6cda937e2d14c628bc885bbae2527a649ca7e

  • SHA256

    f00f90730a46228e0bab05ff077aebfdfb79165fc096655d13f30584409659fd

  • SHA512

    847a2286faafe0b54a77d626583a434c26b5e1d0f14ae45a1b0189ce6f97deb54a9eac0f6130d716623775ebb2f836f17e061855c0228094b1c8a636dbea0a86

  • SSDEEP

    12288:ey90D6z6bdu8T57RHHJeNFps6BpDomaixIB7FyEOysYg:eyfz6b9T57RJefMwO+J

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks