General

  • Target

    d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa

  • Size

    1.5MB

  • Sample

    241110-ebnarasjhm

  • MD5

    a0d6312b6b936a55cd7c2c33833871ef

  • SHA1

    ca18a0256d576e6e0161f996e40bf725355eeb2a

  • SHA256

    d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa

  • SHA512

    21a08e37cbc07157aae077c1a2ede3b037458f4e983146743f5707693f507751de0d987828237787b4ea976ca80f25416fc027870e8d27767899823252956eac

  • SSDEEP

    49152:PzN8I/1nWIApB1POrPsamTtomYUM6LHJG/EvoC:t9nLoMPsaDmxTjIcw

Malware Config

Targets

    • Target

      d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa

    • Size

      1.5MB

    • MD5

      a0d6312b6b936a55cd7c2c33833871ef

    • SHA1

      ca18a0256d576e6e0161f996e40bf725355eeb2a

    • SHA256

      d9e01d549f2cf5a17aa80d44835f13a858777b76349e6092c1cc8f97eb288faa

    • SHA512

      21a08e37cbc07157aae077c1a2ede3b037458f4e983146743f5707693f507751de0d987828237787b4ea976ca80f25416fc027870e8d27767899823252956eac

    • SSDEEP

      49152:PzN8I/1nWIApB1POrPsamTtomYUM6LHJG/EvoC:t9nLoMPsaDmxTjIcw

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks