General

  • Target

    bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3

  • Size

    552KB

  • Sample

    241115-b6eqbawgmp

  • MD5

    943c1f910d2db3e596d458c69abc08bb

  • SHA1

    e6e8b7265b16761efc57634b8ece8d94994a73dd

  • SHA256

    bafe8f16740412e33fea0427338c8f7f255b19299e31a3fbd461c2c25bb9f2f3

  • SHA512

    40d1db358c3d964db2efca1e7fe5d8695a16d30ea84dffc6433e867961c8f330d39bb3c16880dbc0ecf147dcb560e6ad14982ffc871a4ec775915fddf3ec4002

  • SSDEEP

    12288:By90P41FK4xSHg2TGv0y9nkCUfE8IOSsemQyYhi+:Byg4kzGf9nUfgsew+

Malware Config

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks