General
  Target: 570fd937e3843137c153d06825015af3c0bb720ba243d8b36ff650edb5a152ae
  Size:   836KB
  Sample: 230822-bfmy1aah7s
  MD5:    10b3922278907019b3c379abd49ab4ae
  SHA1:   779b33818aec52120a462372451684d312fd8514
  SHA256: 570fd937e3843137c153d06825015af3c0bb720ba243d8b36ff650edb5a152ae
  SHA512: 4899551bccbbaf9a666afc3743b6dba307eaa21e581e70980ff9b80764ab89aaf412087d12eee01479d7f6146c147fac56f5c0131451342fdb06ecb23df4bf28
  SSDEEP: 12288:dMryy90f2szxvwfkEux6bqi40fR4xz9q4iF1Ryyz4CSqz1nMC/tcQC:LyW2awfkNAb80fR4vq4ilT4CnMQC
Static task: static1

Behavioral task: behavioral1
  Sample:   570fd937e3843137c153d06825015af3c0bb720ba243d8b36ff650edb5a152ae.exe
  Resource: win10v2004-20230703-en
Malware Config
  Extracted family: redline
  Botnet:           piter
  C2:               77.91.124.73:19071
  auth_value:       7f92ff466423bb35edbfbc22f78b0bb9
Targets
  Target: 570fd937e3843137c153d06825015af3c0bb720ba243d8b36ff650edb5a152ae
  Size:   836KB
  MD5:    10b3922278907019b3c379abd49ab4ae
  SHA1:   779b33818aec52120a462372451684d312fd8514
  SHA256: 570fd937e3843137c153d06825015af3c0bb720ba243d8b36ff650edb5a152ae
  SHA512: 4899551bccbbaf9a666afc3743b6dba307eaa21e581e70980ff9b80764ab89aaf412087d12eee01479d7f6146c147fac56f5c0131451342fdb06ecb23df4bf28
  SSDEEP: 12288:dMryy90f2szxvwfkEux6bqi40fR4xz9q4iF1Ryyz4CSqz1nMC/tcQC:LyW2awfkNAb80fR4vq4ilT4CnMQC
  Signatures:
  - Detects Healer, an antivirus disabler dropper
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - Executes dropped EXE
  - Adds Run key to start application
MITRE ATT&CK Enterprise v15
  Persistence
    Boot or Logon Autostart Execution (1)
      Registry Run Keys / Startup Folder (1)
    Create or Modify System Process (1)
      Windows Service (1)