General
-
Target
601033ae1bcaaf94d20f7157b8dea60c.exe
-
Size
1.2MB
-
Sample
230716-jap56sch84
-
MD5
601033ae1bcaaf94d20f7157b8dea60c
-
SHA1
33a37fd9a2d05479fbadb16c595c56771f769b0b
-
SHA256
c2bc49b59e5e1db1de343f8bbb545e4810d90ddbf098b3e8fc57b28aa3141b88
-
SHA512
0a19eb93c6987246c6a4e76b046a231b31c470ecf96aa1ca309867abafa85cf460bdf65122e66bee36e11da6077f305d0ad93bd382510facad5722d8189f0f36
-
SSDEEP
24576:yyGpu4AOKi6PHLWff4ZdnfScZJ4ZL/GNI1LfmU97hlINtFkwqx:ZGpZdKT/L6f4ZdnRJi/iefh970Nti
Malware Config
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Targets
-
-
Target
601033ae1bcaaf94d20f7157b8dea60c.exe
-
Size
1.2MB
-
MD5
601033ae1bcaaf94d20f7157b8dea60c
-
SHA1
33a37fd9a2d05479fbadb16c595c56771f769b0b
-
SHA256
c2bc49b59e5e1db1de343f8bbb545e4810d90ddbf098b3e8fc57b28aa3141b88
-
SHA512
0a19eb93c6987246c6a4e76b046a231b31c470ecf96aa1ca309867abafa85cf460bdf65122e66bee36e11da6077f305d0ad93bd382510facad5722d8189f0f36
-
SSDEEP
24576:yyGpu4AOKi6PHLWff4ZdnfScZJ4ZL/GNI1LfmU97hlINtFkwqx:ZGpZdKT/L6f4ZdnRJi/iefh970Nti
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Windows security modification
-
Adds Run key to start application
-