General

  • Target

    8118956954cd4c55aec70898805a5ec8df3d95dee51478129e34b249856f9d36

  • Size

    1.1MB

  • Sample

    241122-bt2pbaxnak

  • MD5

    61b01d32cff96028325c3796a83ec98f

  • SHA1

    160e8ae834d9a3a2f8b63b7bf2e27efeba7e47b0

  • SHA256

    8118956954cd4c55aec70898805a5ec8df3d95dee51478129e34b249856f9d36

  • SHA512

    99f3ed9889b2b5c2b7e3fe8dd9585a09930852a5498b54c555ecab8feeeec3785d48ae276c7327eb72a251534adbe83cb57944a21a671599c008a89a915c8fb6

  • SSDEEP

    24576:KyrHaRryJ1kVpZgkPRFioaBuGbcE0T/SwwxLyomI4T:RTaRrsqPhaBFbxo/Zwx/+

Malware Config

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks