General

  • Target

    8b80f8d5b5032c07808b68897855a9a522e77f0d9c9831e9c35e2f549d8e8499

  • Size

    1.0MB

  • Sample

    241110-byq4dawhmg

  • MD5

    284b11e968b2dab3f242fd2cca8536e0

  • SHA1

    e7f253f5b7654e3a2163d7a7af917dea3998725b

  • SHA256

    8b80f8d5b5032c07808b68897855a9a522e77f0d9c9831e9c35e2f549d8e8499

  • SHA512

    024468884d7ac5613f1d85ec8ebacddec2ed9b1fb9011a7445c69644f5e31fba0a9b233c112ad3587a45a7cb311d92402722d88e7df59284dbab8c29efbe1f16

  • SSDEEP

    24576:Dyuvn1w5Ki4avuXAa15ASyYWne2KvXuy/CCHP78ehHwH:W81w5pvcrrASyjmuKCCHP77Hw

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks