General
-
Target
b095f9550daa4461d27cb4771.exe
-
Size
531KB
-
Sample
230709-x1v11afe26
-
MD5
c046bc24f511bdad2f9090bda33fa17f
-
SHA1
6ec1f7dfd0413a2bac8f95b9076d2824bc88c900
-
SHA256
b095f9550daa4461d27cb4771f3f87d3a4c2d02aaddbb1cd4419183ae0fdea5e
-
SHA512
6150a831c466c8c6fdb5fcc393060fa0d12c28d34dcc748128e1bd44eaf71ff92f01dfc9d75c7cd31487581b48f3f54acdf78cb9cf5b9acb7fc758a51d02e01c
-
SSDEEP
12288:YnyRBYfv7aRdnQgknXtfqP5Q1TwnpxOCnO8xjWp8By4haQIJM3:YyRByv782gufqP5Q13CYAuJg
Malware Config
Extracted
redline
furod
77.91.68.70:19073
-
auth_value
d2386245fe11799b28b4521492a5879d
Targets
-
-
Target
b095f9550daa4461d27cb4771.exe
-
Size
531KB
-
MD5
c046bc24f511bdad2f9090bda33fa17f
-
SHA1
6ec1f7dfd0413a2bac8f95b9076d2824bc88c900
-
SHA256
b095f9550daa4461d27cb4771f3f87d3a4c2d02aaddbb1cd4419183ae0fdea5e
-
SHA512
6150a831c466c8c6fdb5fcc393060fa0d12c28d34dcc748128e1bd44eaf71ff92f01dfc9d75c7cd31487581b48f3f54acdf78cb9cf5b9acb7fc758a51d02e01c
-
SSDEEP
12288:YnyRBYfv7aRdnQgknXtfqP5Q1TwnpxOCnO8xjWp8By4haQIJM3:YyRByv782gufqP5Q13CYAuJg
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-