General
Target: NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe
Size: 742KB
Sample: 231022-v1t3lagg4w
MD5: ca7692e0e5a8f1402416c408e241bfd0
SHA1: d84d1a254746a1cc41d175a244b503e79f300fcb
SHA256: 0a67613d66b01850db22fe16afeeaa923531268fccc7dbde9076534d93ac8e4f
SHA512: 6e5cc0c55b21bc61dbe9680bac4045223e585016607df1dc98bb1a8e2f271993a70516f180715153320c89d9a4607e6ad55478fb6ce9867b13ddc18d7537a8b1
SSDEEP: 12288:fMrZy90UgoDS8GOsQE+wbsEcmO114l7GGztyLfDbw1TsxckDdYrTk+F7LW8:6ywyS8GYwbdcmO11U7GGzILUTsSkDaHH
Static task
static1
Behavioral task
behavioral1: NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe (Resource: win7-20231020-en)
Behavioral task
behavioral2: NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe (Resource: win10v2004-20231020-en)
Malware Config
Extracted
Family: redline
Botnet: virad
C2: 77.91.124.82:19071
auth_value: 434dd63619ca8bbf10125913fb40ca28
Targets
Target: NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe
Size: 742KB
MD5: ca7692e0e5a8f1402416c408e241bfd0
SHA1: d84d1a254746a1cc41d175a244b503e79f300fcb
SHA256: 0a67613d66b01850db22fe16afeeaa923531268fccc7dbde9076534d93ac8e4f
SHA512: 6e5cc0c55b21bc61dbe9680bac4045223e585016607df1dc98bb1a8e2f271993a70516f180715153320c89d9a4607e6ad55478fb6ce9867b13ddc18d7537a8b1
SSDEEP: 12288:fMrZy90UgoDS8GOsQE+wbsEcmO114l7GGztyLfDbw1TsxckDdYrTk+F7LW8:6ywyS8GYwbdcmO11U7GGzILUTsSkDaHH
Signatures
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext (an API commonly used to redirect execution of a suspended process when a payload is injected into it)
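The extracted config (C2 77.91.124.82:19071) and the persistence behaviour listed above are the indicators a responder would actually hunt for. The script below is an added example, not part of this report or of the sandbox service: it carries the report's hashes and C2 endpoint as constants, checks a file's digests against them, and scans Sysmon-style key=value log lines for the C2 host, Run-key writes and service ImagePath writes. The log lines, the SID, the service name and the benign destination IP are constructed for the example; the key=value log format is an assumption, not the sandbox's own output.

```python
"""Hunt for the indicators in this report on a host or in its logs.

Added example, not part of the sandbox report. The hashes and C2 endpoint
are copied from the report; every log line below is constructed.
"""
import hashlib
import re

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "ca7692e0e5a8f1402416c408e241bfd0",
    "sha1": "d84d1a254746a1cc41d175a244b503e79f300fcb",
    "sha256": "0a67613d66b01850db22fe16afeeaa923531268fccc7dbde9076534d93ac8e4f",
}
C2_HOST = "77.91.124.82"
C2_PORT = 19071
# Not matched against logs here; useful for pivoting across RedLine configs.
AUTH_VALUE = "434dd63619ca8bbf10125913fb40ca28"

# Registry paths behind the two persistence techniques in the report:
# Run keys and service ImagePath writes.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
SERVICE_KEY_RE = re.compile(
    r"\\(?:CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+\\ImagePath$", re.I
)


def file_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True only when every listed digest matches; one mismatch means a different file."""
    got = file_hashes(data)
    return all(got[algo] == digest for algo, digest in SAMPLE_HASHES.items())


def parse_kv(line: str) -> dict:
    """Split a 'Key=Value Key=Value' line; the constructed values contain no spaces."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def scan_log(lines) -> list:
    """Return (line_no, reason) for each line that hits an indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        f = parse_kv(line)
        if f.get("DestinationIp") == C2_HOST:
            # Same host on another port still deserves a look; the report only saw 19071.
            exact = f.get("DestinationPort") == str(C2_PORT)
            hits.append((n, "c2 endpoint" if exact else "c2 host"))
        target = f.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            hits.append((n, "run key"))
        elif SERVICE_KEY_RE.search(target):
            hits.append((n, "service imagepath"))
    return hits


# Constructed Sysmon-style events (EventID 3 = network connect, 13 = registry set).
# The SID, the service name "ExampleSvc" and the benign IP are made up for the example.
SAMPLE_LOG = [
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe DestinationIp=77.91.124.82 DestinationPort=19071",
    "EventID=13 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater Details=C:\\Users\\victim\\AppData\\Local\\Temp\\NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe",
    "EventID=3 Image=C:\\Windows\\System32\\svchost.exe DestinationIp=13.107.4.52 DestinationPort=443",
    "EventID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe DestinationIp=77.91.124.82 DestinationPort=80",
    "EventID=13 Image=C:\\Windows\\System32\\services.exe TargetObject=HKLM\\System\\CurrentControlSet\\Services\\ExampleSvc\\ImagePath Details=C:\\Users\\victim\\AppData\\Local\\Temp\\NEAS.ca7692e0e5a8f1402416c408e241bfd0.exe",
]

if __name__ == "__main__":
    for line_no, reason in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {reason}")
    print("hashes match sample:", matches_sample(b"not the sample"))
```

Running it flags lines 1, 2, 4 and 5 of the constructed log and reports no hash match for the dummy bytes. To check a real file, pass its contents to matches_sample; a single differing digest is treated as "not this sample", since the report lists all of them for the same object.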
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (T1547): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
- Create or Modify System Process (T1543): 1
  - Windows Service (T1543.003): 1