General
Target: d342f782a322b1505dd3a05655c04da2dfa3a16333086c50777e98929f7af57c
Size: 1.2MB
Sample: 231013-fl6eraeg8y
MD5: 7912eeab9701c8f6ba478ead152a1b31
SHA1: 3bb1220bf0d4e0c638e1698cbdbc1dd4b43c57b0
SHA256: d342f782a322b1505dd3a05655c04da2dfa3a16333086c50777e98929f7af57c
SHA512: a016e61ba8ac488c25deacf3c780f66128551884760c8a09f530050f8983a36760caf6b429a85ccc6f2bd56a7a08dca04a2211ff6a2bfdf47138a9100f3d19be
SSDEEP: 24576:o74crjwmjYWwkgiXwrNK2lZ4J9yhrORgrOyjdG:m4crU5Lkgig59rh/ndG
Static task: static1
Behavioral task: behavioral1
Sample: d342f782a322b1505dd3a05655c04da2dfa3a16333086c50777e98929f7af57c.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: d342f782a322b1505dd3a05655c04da2dfa3a16333086c50777e98929f7af57c.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
petin
77.91.124.82:19071
auth_value: f6cf7a48c0291d1ef5a3440429827d6d
Targets
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
- Create or Modify System Process: Windows Service (1)