General

  • Target

    1b8b8ac331fd4a91f02155a6b42d13f199052ba4f11db12e8e2395e2b9c69b44

  • Size

    746KB

  • Sample

    241110-eb9traylbw

  • MD5

    530d23f755eb7cf537ca70efd690740c

  • SHA1

    9fa198502930edb133c042dea22c59fc80d4efb8

  • SHA256

    1b8b8ac331fd4a91f02155a6b42d13f199052ba4f11db12e8e2395e2b9c69b44

  • SHA512

    58d05d9f10273f8fd5c2e73814b5e451b76c6f756116dccdf788fe0c10f787fae8656802fa0bcfff459a595927bcbe1fc173f46a5c94d0032949730f1b11dd10

  • SSDEEP

    12288:py90jlrSKlGDAn8HYl3GlCzfMDlCDPjqNVol96qjOiCOb+9g:pypMn84l2IrQlMP+kbOiCs

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks