General

  • Target

    6bf4271e2e9a6ef24bce45813591be60d24da49dddd3141b9c6d97dda071ed74

  • Size

    560KB

  • Sample

    241111-bthansymft

  • MD5

    b55fa82983433480ffe7aedb1529bef0

  • SHA1

    a9331f76ae666d1e07fb241f7dac16f959c51ae7

  • SHA256

    6bf4271e2e9a6ef24bce45813591be60d24da49dddd3141b9c6d97dda071ed74

  • SHA512

    d76af76093c113e2be40dd496c58a311d3efe64daac0236392ed59e6995b2d06ec7e2534e1c78d3a17ae04533ba19ed29973467bebe6172f6b510248389d3a78

  • SSDEEP

    12288:Jy9003w+iI2gq0EsH6e333S09SB+zaoQcAv5:Jyxw+iI2g3Ean3S0OGY

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks