General

  • Target

    e16e6e348f270653921e0c1e33a75777769f851aa4c02e362e4f281e8762846bN

  • Size

    608KB

  • Sample

    241110-bxy3lawhlc

  • MD5

    3507e3debab92fabc40f213361a2bc50

  • SHA1

    43ca9016b65206490873a2908238186e025e24d8

  • SHA256

    e16e6e348f270653921e0c1e33a75777769f851aa4c02e362e4f281e8762846b

  • SHA512

    8c88d27401ec657eb79425f2f8a4565806ba4918a234213cf250c7670e3c003b3511b17af7c4192713b8f3de2cbc913a20cebd956a6823a777390d922c8e0814

  • SSDEEP

    12288:Xy90hFZ5ThV6oMPGO5tU57ttyLNtC3x5zUInDaMFwv/:Xy4Z5ThY/OO5tUNtINtCnzUI8n

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks