General

  • Target

    bdb79e06e6499277104229d3cae943b48a1d1b4d42cd1a72ae62fd92715ce18d

  • Size

    543KB

  • Sample

    241115-b9t96swgrj

  • MD5

    59008f9829678360740875b92d2ef7ea

  • SHA1

    abda88131c6ead5a512d17ea920b5b658742ac11

  • SHA256

    bdb79e06e6499277104229d3cae943b48a1d1b4d42cd1a72ae62fd92715ce18d

  • SHA512

    a11a5de34f455dbdbaadc768ad3f7dd1547a96be06ba439eee1967fc129f2f98a996ee9f6deaa79a5d067248f0cfbde1e213fde67aaafbaa4bbb4ad38facfba9

  • SSDEEP

    12288:7y90tIurssN6eCJQRWWfENe/0BHqKI2Qr8IgjD:7ypurssPuQMUyBKKI2G8IgjD

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks