General
-
Target
35c9633557453a246e230eaecf89ee1ed9b9cb8c64130d2ac3153b26be42f91c
-
Size
1.3MB
-
Sample
231012-q4mqgaeh24
-
MD5
2f5d8811e543173d4a2644cdd0d7072e
-
SHA1
127704780f8f46cdf69a92e68d444a17520f1ec4
-
SHA256
35c9633557453a246e230eaecf89ee1ed9b9cb8c64130d2ac3153b26be42f91c
-
SHA512
6952b3062c462410fa348bdf52312be39f22127f24f1b02d6f2628e32a8b8d95f15be08a24e19d8440b9d62b83017cbbc120d4f4f73505028721776ca9ddd1c5
-
SSDEEP
24576:twpa5/kzxL9tzhgbkQAcIG/QKfSiXwjzWmku1mas0EcQ16cn1EzZOs:H5/kzYhAhmVXjmkxe9QRnfs
Static task
static1
Behavioral task
behavioral1
Sample
35c9633557453a246e230eaecf89ee1ed9b9cb8c64130d2ac3153b26be42f91c.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
35c9633557453a246e230eaecf89ee1ed9b9cb8c64130d2ac3153b26be42f91c.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
vasha
77.91.124.82:19071
-
auth_value
42fc61786274daca54d589b85a2c1954
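The extracted config gives a single hard C2 endpoint (77.91.124.82:19071, botnet tag "vasha"). The example below, added here and not part of the Triage report or of the sample, turns that endpoint into a Suricata rule and runs an exact host:port match over a few constructed firewall log lines (the log format, the timestamps and the sid are made-up placeholders). The destination is compared as a parsed IP address rather than as a substring, so a naive grep hit on 177.91.124.82 or 77.91.124.8 does not produce a false positive. Note that an IP:port IOC like this has a short shelf life; treat the rule as a point-in-time indicator, not a family-wide detection.

```python
"""Hunting helpers built from the RedLine config extracted above.

Added example; not code from the Triage report or from RedLine itself.
C2 host, port and botnet tag come from the report; the log lines are
constructed samples, not real telemetry; the sid is a placeholder.
"""
import ipaddress
import re
from dataclasses import dataclass

# Values taken verbatim from the extracted config.
C2_HOST = "77.91.124.82"
C2_PORT = 19071
BOTNET = "vasha"


def suricata_rule(host: str, port: int, sid: int, family: str, botnet: str) -> str:
    """Emit a Suricata rule for established outbound TCP to the C2 endpoint.
    'sid' must be assigned by the operator from the local rule range."""
    return (
        f'alert tcp $HOME_NET any -> {host} {port} '
        f'(msg:"{family} C2 ({botnet}) outbound connect"; '
        f'flow:to_server,established; classtype:trojan-activity; '
        f'sid:{sid}; rev:1;)'
    )


# Constructed key=value firewall log format (assumption, not a real product's).
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+proto=(?P<proto>\w+)\s+"
    r"src=(?P<src>[\d.]+):(?P<sport>\d+)\s+dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int


def find_c2_connections(lines, host: str = C2_HOST, port: int = C2_PORT):
    """Return a Hit for every parsed line whose destination is exactly host:port.
    The IP is compared as an address, not a substring, so 177.91.124.82 and
    77.91.124.8 do not match; unparseable lines are skipped, not guessed at."""
    target = ipaddress.ip_address(host)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue
        if dst == target and int(m["dport"]) == port:
            hits.append(Hit(m["ts"], m["src"], m["dst"], int(m["dport"])))
    return hits


# Constructed sample log: one true positive, one near-miss IP, one same-IP
# different-port line, one unrelated connection.
SAMPLE_LOG = [
    "2023-10-12T14:03:11Z action=allow proto=tcp src=10.0.0.15:52214 dst=77.91.124.82:19071",
    "2023-10-12T14:03:12Z action=allow proto=tcp src=10.0.0.15:52215 dst=177.91.124.82:19071",
    "2023-10-12T14:03:13Z action=allow proto=tcp src=10.0.0.22:52300 dst=77.91.124.82:443",
    "2023-10-12T14:03:14Z action=allow proto=tcp src=10.0.0.22:52301 dst=142.250.74.46:443",
]

if __name__ == "__main__":
    print(suricata_rule(C2_HOST, C2_PORT, 1000001, "RedLine", BOTNET))
    for hit in find_c2_connections(SAMPLE_LOG):
        print(f"C2 contact: {hit.ts} {hit.src} -> {hit.dst}:{hit.dport}")
```

Only the first sample line is reported; the 177.91.124.82 line is the case a substring match would have flagged. Because the C2 port is not 80/443, web-proxy logs will usually not see this traffic at all, so run the matcher over firewall or NetFlow records rather than proxy logs.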
Targets
-
Target
35c9633557453a246e230eaecf89ee1ed9b9cb8c64130d2ac3153b26be42f91c
-
Size
1.3MB
-
MD5
2f5d8811e543173d4a2644cdd0d7072e
-
SHA1
127704780f8f46cdf69a92e68d444a17520f1ec4
-
SHA256
35c9633557453a246e230eaecf89ee1ed9b9cb8c64130d2ac3153b26be42f91c
-
SHA512
6952b3062c462410fa348bdf52312be39f22127f24f1b02d6f2628e32a8b8d95f15be08a24e19d8440b9d62b83017cbbc120d4f4f73505028721776ca9ddd1c5
-
SSDEEP
24576:twpa5/kzxL9tzhgbkQAcIG/QKfSiXwjzWmku1mas0EcQ16cn1EzZOs:H5/kzYhAhmVXjmkxe9QRnfs
-
Detects Healer, an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547) - 1
    Registry Run Keys / Startup Folder (T1547.001) - 1
  Create or Modify System Process (T1543) - 1
    Windows Service (T1543.003) - 1
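Both mapped techniques leave a registry write that Sysmon logs as Event ID 13 (RegistryEvent, value set). The example below, added here and not taken from the Triage report or the sample, triages such events for the two persistence locations listed above: Run/RunOnce keys and a service's ImagePath. The records are constructed JSON-style dictionaries using Sysmon's field names (EventID, Image, TargetObject, Details); the SIDs, paths and value names are invented. Writes are only raised as alerts when the persisted binary, or the process doing the write, lives in a user-writable directory; that threshold is a tuning choice, not something the report states.

```python
"""Triage of Sysmon registry events for the persistence techniques above
(Registry Run Keys / Startup Folder, T1547.001; Windows Service, T1543.003).

Added example, not code from the Triage report or from the sample. Events
are constructed to resemble Sysmon Event ID 13 exported to JSON; field
names follow Sysmon's schema, all values are made up.
"""
import re
from dataclasses import dataclass

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE
)
SERVICE_IMAGE_RE = re.compile(
    r"\\System\\(CurrentControlSet|ControlSet\d{3})\\Services\\[^\\]+\\ImagePath$",
    re.IGNORECASE,
)
# Locations a non-admin process can write to; a persistence entry pointing
# here is far more suspicious than one under Program Files.
USER_WRITABLE_RE = re.compile(
    r"(\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\|\\Downloads\\)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Alert:
    technique: str  # ATT&CK ID
    key: str        # registry value that was set
    target: str     # executable the value points at
    reason: str


def _first_path(details: str) -> str:
    """Extract the executable path from a value such as
    '"C:\\Users\\x\\AppData\\Roaming\\a.exe" --flag' or 'C:\\x\\a.exe'."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def triage_registry_events(events):
    """Return Alerts for Run-key or service ImagePath writes that involve a
    user-writable directory. The service case is checked on the written path,
    not the writer, because CreateService writes arrive via services.exe."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        key = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(key):
            technique = "T1547.001"
        elif SERVICE_IMAGE_RE.search(key):
            technique = "T1543.003"
        else:
            continue
        target = _first_path(ev.get("Details", ""))
        reasons = []
        if USER_WRITABLE_RE.search(target):
            reasons.append("persisted binary in user-writable directory")
        if USER_WRITABLE_RE.search(ev.get("Image", "")):
            reasons.append("writer process runs from user-writable directory")
        if reasons:
            alerts.append(Alert(technique, key, target, "; ".join(reasons)))
    return alerts


# Constructed events: dropped stage adding its own Run key (alert), a vendor
# installer (no alert), a new service in ProgramData (alert), unrelated write.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\IXP001.TMP\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\victim\AppData\Roaming\Updater\upd.exe"'},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe" /background'},
    {"EventID": 13, "Image": r"C:\Windows\System32\services.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\svchelper\ImagePath",
     "Details": r"C:\ProgramData\svchelper\svchelper.exe"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for a in triage_registry_events(SAMPLE_EVENTS):
        print(f"[{a.technique}] {a.key} -> {a.target} ({a.reason})")
```

Two of the four constructed events are raised: the Run key written by the %TEMP% stage, and the service whose ImagePath sits in ProgramData. The service event illustrates the caveat in the docstring: the writing process is services.exe, so a rule that only scores the writer would miss it.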