General
Target: JC_73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01
Size: 829KB
Sample: 230902-nmxg8scc8v
MD5: f20519ef1d14b83bc9b09a97f1486ea1
SHA1: bcd50b06605bae10eec353894bf4e9536b73b508
SHA256: 73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01
SHA512: 19f5feaf6e328e6475dfef5caa3998f5f61e622c609da58e399724c2069bb40c458ba9e0cd66533c557f4e1cfb75efe90f88e65e1c92be0ec29c0eb3b92cdef2
SSDEEP: 12288:UMrNy90iDTO0tPj1vSG7jIgKYdUL6HNdx9kEV9pW2TpHkFhcW9JbEZZlWUcDg:hyndjNSFVYdUmtdx6SpW6HIX9aZZl1
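Before triaging a sample against a report like this one, confirm that the file in hand is the file the sandbox ran: recompute every digest and compare, and split the SSDEEP signature into its block size and chunk hashes so it can be fed to a fuzzy-match tool. The script below is an added example, not part of the sandbox report or of any vendor tooling; the digest and SSDEEP values are copied from the report above, and the bytes hashed in the usage section are a constructed stand-in because the binary itself is not on this page.

```python
"""Verify a local sample against the digests listed in the sandbox report.

Added example (not the report's own tooling). REPORT holds the values
copied from the page; the sample bytes in __main__ are constructed.
"""
import hashlib
import re

# Digest values copied verbatim from the report.
REPORT = {
    "md5": "f20519ef1d14b83bc9b09a97f1486ea1",
    "sha1": "bcd50b06605bae10eec353894bf4e9536b73b508",
    "sha256": "73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01",
    "sha512": "19f5feaf6e328e6475dfef5caa3998f5f61e622c609da58e399724c2069bb40c"
              "458ba9e0cd66533c557f4e1cfb75efe90f88e65e1c92be0ec29c0eb3b92cdef2",
    "ssdeep": "12288:UMrNy90iDTO0tPj1vSG7jIgKYdUL6HNdx9kEV9pW2TpHkFhcW9JbEZZlWUcDg"
              ":hyndjNSFVYdUmtdx6SpW6HIX9aZZl1",
}

_CHUNK = 1 << 20  # hash in 1 MiB slices so large samples are not copied whole


def hash_bytes(data: bytes) -> dict:
    """Compute MD5, SHA1, SHA256 and SHA512 of the data in a single pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256", "sha512")}
    view = memoryview(data)
    for off in range(0, len(view), _CHUNK):
        piece = view[off:off + _CHUNK]
        for h in hashers.values():
            h.update(piece)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(report: dict, computed: dict) -> dict:
    """Return {algo: matched} for each algorithm present in both dicts, case-insensitively."""
    return {
        algo: report[algo].lower() == computed[algo].lower()
        for algo in computed if algo in report
    }


# An ssdeep signature is "blocksize:hash_at_blocksize:hash_at_2x_blocksize",
# with both hashes drawn from the base64 alphabet.
_SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


def parse_ssdeep(sig: str) -> dict:
    """Split a CTPH (ssdeep) signature into its block size and two chunk hashes."""
    m = _SSDEEP_RE.match(sig)
    if not m:
        raise ValueError(f"not an ssdeep signature: {sig!r}")
    return {"block_size": int(m.group(1)), "hash": m.group(2), "double_block_hash": m.group(3)}


def verify_sample(data: bytes, report: dict = REPORT) -> bool:
    """True only if every cryptographic digest in the report matches the given bytes."""
    results = compare_hashes(report, hash_bytes(data))
    return bool(results) and all(results.values())


if __name__ == "__main__":
    sample = b"MZ" + b"\x00" * 1024  # constructed stand-in; the real binary is not on this page
    print("matches report:", compare_hashes(REPORT, hash_bytes(sample)))
    print("ssdeep parts:", parse_ssdeep(REPORT["ssdeep"]))
```

Run it against the real file with `open(path, "rb").read()` in place of the constructed bytes; a single mismatching digest means the sample differs from what the sandbox analysed, and the SSDEEP parts are what `ssdeep -m` style comparison needs if only a near-identical variant is available.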
Static task: static1
Behavioral task: behavioral1
  Sample: JC_73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: JC_73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01.exe
  Resource: win10v2004-20230831-en
Malware Config
Extracted
Family: redline
Botnet: bobik
C2: 77.91.124.82:19071
auth_value: d639522ae3c9dda998264d691a19eb33
Targets
Target: JC_73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  Create or Modify System Process (T1543): 1
    Windows Service (T1543.003): 1
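The extracted configuration (C2 endpoint) and the persistence signature (Run key added, mapped above to Registry Run Keys / Startup Folder) are the two indicators from this report that are cheapest to hunt for in host telemetry. The script below is an added example, not part of the sandbox report or of any vendor tooling: it copies the report's C2 address, port and SHA256 into a small matcher and runs it over constructed Sysmon-style JSON-lines events (EventID 1 process creation, 3 network connection, 13 registry value set, with a few of the usual field names). The user SID, the `Updater` value name, the `updater.exe` drop path and the benign browser connection are all constructed for illustration.

```python
"""Match host telemetry against the indicators in this report.

Added example (not the report's or any vendor's tooling). Indicator values
are copied from the report; SAMPLE_LOG is constructed in a Sysmon-like shape.
"""
import json

# Indicators copied from the report's extracted config and hashes.
C2_HOST, C2_PORT = "77.91.124.82", 19071
SAMPLE_SHA256 = "73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01"

# Substrings of a registry path that identify a Run / RunOnce value write (T1547.001).
RUN_KEY_MARKERS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
)


def parse_hashes(field: str) -> dict:
    """Parse Sysmon's 'Hashes' field ('MD5=...,SHA256=...') into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def check_event(ev: dict) -> list:
    """Return (indicator, detail) tuples for one event; empty list if nothing matched."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the image hash to the report
        if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
            hits.append(("sample_hash", ev.get("Image")))
    elif eid == 3:  # network connection: exact C2 host and port from the config
        if ev.get("DestinationIp") == C2_HOST and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append(("redline_c2", ev.get("Image")))
    elif eid == 13:  # registry value set: any write under a Run / RunOnce key
        target = ev.get("TargetObject", "")
        if any(m.lower() in target.lower() for m in RUN_KEY_MARKERS):
            hits.append(("run_key_persistence", ev.get("Details")))
    return hits


def scan(lines) -> list:
    """Scan JSON-lines telemetry; returns (record_number, indicator, detail) tuples."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record: skip it rather than abort the whole scan
        for indicator, detail in check_event(ev):
            findings.append((n, indicator, detail))
    return findings


# Constructed telemetry: records 1 and 4 are benign, records 2, 3 and 5 should alert.
SAMPLE_LOG = r'''
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "93.184.216.34", "DestinationPort": 443}
{"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\JC_73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01.exe", "Hashes": "MD5=F20519EF1D14B83BC9B09A97F1486EA1,SHA256=73B22F502E13421B0E4C73BD912E0428B9F5784164584D749895A639B2B8CC01"}
{"EventID": 13, "Image": "C:\\Users\\user\\Downloads\\JC_73b22f502e13421b0e4c73bd912e0428b9f5784164584d749895a639b2b8cc01.exe", "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\user\\AppData\\Roaming\\updater.exe"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\Shell\\Bags\\1\\Desktop", "Details": "Binary Data"}
{"EventID": 3, "Image": "C:\\Users\\user\\AppData\\Roaming\\updater.exe", "DestinationIp": "77.91.124.82", "DestinationPort": 19071}
'''.strip().splitlines()

if __name__ == "__main__":
    for record, indicator, detail in scan(SAMPLE_LOG):
        print(f"record {record}: {indicator} -> {detail}")
```

The hash and C2 checks are exact and will only ever see this build and this infrastructure; the Run-key check is the generic one and will also fire on legitimate installers, so in production it is the indicator to pair with the writing process's image path or hash rather than alert on alone.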