General
Target: JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac
Size: 1.2MB
Sample: 230918-wcf2habc6y
MD5: 4b6ec23a4f0b592c27531bdd2a204865
SHA1: 0ff7a0f37a8ce8e4d19edfb7d303f4c6d44b070c
SHA256: 5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac
SHA512: 6cd41905122e6d41edd8b2ca515c29bc231c115f318c5c791396fb4eff4cf38a0d634b9481ff10090047f10d65d21c7e16b03fe2788ce4c2d4140788102a7e9e
SSDEEP: 24576:d3VF5goc2ZQNEOuy580gJMOiaSrR3WvJ0NzVorTLCE8Dt+s:R5gcIdWrilrRsmV6nCYs
Static task: static1
Behavioral task: behavioral1
  Sample: JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: JC_5c3f0871cfcfe26b1cfe14f34225e05bd79f96f534950e7a8ad345668b2a48ac.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
black
77.91.124.82:19071
auth_value: c5887216cebc5a219113738140bc3047
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
  Create or Modify System Process: Windows Service (1)