General
-
Target
70129546c0dff665516c6ea710a069fa6702d173898900afaff969439c7a5e5c
-
Size
2.6MB
-
Sample
231012-nbxnvshb38
-
MD5
d5072e7a9c082a65e61e5f65b7b58f07
-
SHA1
eda7f387ea58329aa6ea7f88f044d84e53dd977f
-
SHA256
70129546c0dff665516c6ea710a069fa6702d173898900afaff969439c7a5e5c
-
SHA512
a97a27fbe1cf1a7cd84caf79d91149fe690006fc359334cb81a774ddd6093a01384fb33892206451b67cbd759a1e725e599a5b95bc033b9644383b69a36f7a7a
-
SSDEEP
49152:699i4ytXZQmSxZjDhtrvdb0xs6MztweyRjNqSIXc612N:zirvdgq6Mhwe4DE8
Malware Config
Extracted
redline
buben
77.91.124.82:19071
-
auth_value
c62fa04aa45f5b78f62d2c21fcbefdec
Targets
-
-
Target
70129546c0dff665516c6ea710a069fa6702d173898900afaff969439c7a5e5c
-
Size
2.6MB
-
MD5
d5072e7a9c082a65e61e5f65b7b58f07
-
SHA1
eda7f387ea58329aa6ea7f88f044d84e53dd977f
-
SHA256
70129546c0dff665516c6ea710a069fa6702d173898900afaff969439c7a5e5c
-
SHA512
a97a27fbe1cf1a7cd84caf79d91149fe690006fc359334cb81a774ddd6093a01384fb33892206451b67cbd759a1e725e599a5b95bc033b9644383b69a36f7a7a
-
SSDEEP
49152:699i4ytXZQmSxZjDhtrvdb0xs6MztweyRjNqSIXc612N:zirvdgq6Mhwe4DE8
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1