General
Target: 1b358b19aa6a512b588e9959bbe886370cd4b4438c17ded6c50977f6646abccd_JC.exe
Size: 930KB
Sample: 231014-a536vagc7v
MD5: ee6e5285e8ad791aa65e6908bb49958b
SHA1: 65afbce682e4041744b4593edeff1d820fd72035
SHA256: 1b358b19aa6a512b588e9959bbe886370cd4b4438c17ded6c50977f6646abccd
SHA512: 29bca6266038450df6723cc5bb358a408384b3981dcfba304d6bc04cbba4134da5cb4a47240c7bd86a2baf00cda6d847bf027810d90afea38681d0e29c270ba0
SSDEEP: 24576:hiuBtZSPbC4+eYr6yqNylWDl1/dEwezO50D:MuBfc243Yr6yquanezO5O
Static task: static1
Behavioral task: behavioral1
  Sample: 1b358b19aa6a512b588e9959bbe886370cd4b4438c17ded6c50977f6646abccd_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 1b358b19aa6a512b588e9959bbe886370cd4b4438c17ded6c50977f6646abccd_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
  Family: redline
  Botnet: moner
  C2: 77.91.124.82:19071
  auth_value: a94cd9e01643e1945b296c28a2f28707
Targets
Target: 1b358b19aa6a512b588e9959bbe886370cd4b4438c17ded6c50977f6646abccd_JC.exe
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (1)
  Create or Modify System Process: Windows Service (1)