General
-
Target
b21fc8a88033c5d6048ec53a56c2db9684be35a60560d.exe
-
Size
529KB
-
Sample
230707-we54eaad66
-
MD5
a04edbdffe7cbe56e8099da8eebb9b0e
-
SHA1
033226b55c2c41d5c58d7a93318c74e5eae7a0e3
-
SHA256
b21fc8a88033c5d6048ec53a56c2db9684be35a60560d2cb37f931f3bbcf2fed
-
SHA512
8bebdec514a96ab0ac7527008ce77196c9740eacb2811aec3411a7d519a69bd3a0284f703e9b1d2ec778b865cca0d6478c5ba13abef0db9dee5c49724392b1ec
-
SSDEEP
12288:GpMNgtfvmaRdnQgn9rmzaBvoFa47/nRazCyanAu:GpMNgZvm82gnZya5oFFFySAu
Malware Config
Extracted
redline
furod
77.91.68.70:19073
-
auth_value
d2386245fe11799b28b4521492a5879d
Targets
-
-
Target
b21fc8a88033c5d6048ec53a56c2db9684be35a60560d.exe
-
Size
529KB
-
MD5
a04edbdffe7cbe56e8099da8eebb9b0e
-
SHA1
033226b55c2c41d5c58d7a93318c74e5eae7a0e3
-
SHA256
b21fc8a88033c5d6048ec53a56c2db9684be35a60560d2cb37f931f3bbcf2fed
-
SHA512
8bebdec514a96ab0ac7527008ce77196c9740eacb2811aec3411a7d519a69bd3a0284f703e9b1d2ec778b865cca0d6478c5ba13abef0db9dee5c49724392b1ec
-
SSDEEP
12288:GpMNgtfvmaRdnQgn9rmzaBvoFa47/nRazCyanAu:GpMNgZvm82gnZya5oFFFySAu
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-