General
-
Target
b7d32dd66507f98e67e516220048ce3e47cbb10af251b92ca19db22a85ab667b
-
Size
389KB
-
Sample
230720-rjmemshe5z
-
MD5
8a0f4289b99fb33def3140c849321cdd
-
SHA1
48ce800243b80391979c1efbf4a2e30b5bf04331
-
SHA256
b7d32dd66507f98e67e516220048ce3e47cbb10af251b92ca19db22a85ab667b
-
SHA512
3c489c6560eb56f797565e21a45df81daabe2e96d3d3847cf503068430e43c8942484d7f34e3a06932dc024b7fefeca14a13de37645f38078dc5d43f89cbae1a
-
SSDEEP
6144:KHy+bnr+Vp0yN90QEmjAlrUolD7dxXMuiGVHyjZhOZTpC/ZwglZQ5Gfh45639X:NMrNy90YACoHxcpyH8ruT+vZC639X
Malware Config
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Targets
-
-
Target
b7d32dd66507f98e67e516220048ce3e47cbb10af251b92ca19db22a85ab667b
-
Size
389KB
-
MD5
8a0f4289b99fb33def3140c849321cdd
-
SHA1
48ce800243b80391979c1efbf4a2e30b5bf04331
-
SHA256
b7d32dd66507f98e67e516220048ce3e47cbb10af251b92ca19db22a85ab667b
-
SHA512
3c489c6560eb56f797565e21a45df81daabe2e96d3d3847cf503068430e43c8942484d7f34e3a06932dc024b7fefeca14a13de37645f38078dc5d43f89cbae1a
-
SSDEEP
6144:KHy+bnr+Vp0yN90QEmjAlrUolD7dxXMuiGVHyjZhOZTpC/ZwglZQ5Gfh45639X:NMrNy90YACoHxcpyH8ruT+vZC639X
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1