General
-
Target
red.zip
-
Size
51.1MB
-
Sample
240510-r63p5sbd3s
-
MD5
d7c845e694c3ccc36cc0a91d6e82c585
-
SHA1
8f691d574c225e42982103995df13260183bd8d4
-
SHA256
c9e1bcbbab1fafcf8cc24760bccf3efac8e604baa1ea574dbe47e2dd7ac09433
-
SHA512
020ea3899d3a2e0831de0c573ab73336072b7f8b4f3ae1ea82ece012e779694012f85f95737c12995107d6397237a8d8cf110aff060e1a6758a5085fb7c51697
-
SSDEEP
1572864:pCPsgJol5kjVEtpaxs2kwji1p/y+9aOSStwh:pC1Jol5knkUi1pnFSMwh
Malware Config
Extracted
amadey
3.86
http://77.91.68.61
http://5.42.92.67
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
redline
krast
77.91.68.68:19071
-
auth_value
9059ea331e4599de3746df73ccb24514
Extracted
amadey
3.85
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
nasa
77.91.68.68:19071
-
auth_value
6da71218d8a9738ea3a9a78b5677589b
Extracted
redline
7001210066
https://pastebin.com/raw/KE5Mft0T
Extracted
redline
dumud
217.196.96.101:4132
-
auth_value
3e18d4b90418aa3e78d8822e87c62f5c
Extracted
redline
roma
77.91.68.56:19071
-
auth_value
f099c2cf92834dbc554a94e1456cf576
Extracted
redline
mihan
217.196.96.101:4132
-
auth_value
9a6a8fdae02ed7caa0a49a6ddc6d4520
Extracted
redline
masha
77.91.68.48:19071
-
auth_value
55b9b39a0dae383196a4b8d79e5bb805
Extracted
redline
5637482599
https://pastebin.com/raw/NgsUAPya
Extracted
redline
lande
77.91.124.84:19071
-
auth_value
9fa41701c47df37786234f3373f21208
Extracted
redline
lamp
77.91.68.56:19071
-
auth_value
ee1df63bcdbe3de70f52810d94eaff7d
Targets
-
-
Target
01aa1629bce01d1d882c10d835fa7765f2a247f51bcbf0d46b77b87362877916
-
Size
390KB
-
MD5
a076ae6cb1b18ae3f0157f02f17ad575
-
SHA1
a51acdd2e42beb97ca8de21d3a07e62f2fbfbfe4
-
SHA256
01aa1629bce01d1d882c10d835fa7765f2a247f51bcbf0d46b77b87362877916
-
SHA512
311bb21e88f2ad16c04011058906fb15d2329a97a1f8cfa22a10088c4a2b23a5f57d46f156f74c5b1c8c38bf96af54683803f464b38f68ebf589e5033c95f2b1
-
SSDEEP
6144:Kyy+bnr+Ip0yN90QEkX3vNbKMTy4HDtPdpS5eJ9cIkiGBmzC9AozEIsGE:uMrQy90KX3RKM2YtPjSKG8F
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
0f8698fea90dbf665be173be76a450cd2e77e0ffc44993fbed40dba923374671
-
Size
332KB
-
MD5
9fceaa1ae1b94cbeea5da147c7a5587d
-
SHA1
332404db60a6ddb0c82850675706d733342092d1
-
SHA256
0f8698fea90dbf665be173be76a450cd2e77e0ffc44993fbed40dba923374671
-
SHA512
ceb39dadde027fde22e99792fe2f5e6c87b8db59e6f94855544d80d6c50c386e0e6599b7074af5322846064a7798bf08d301cf83b6ec0087686070cb7f40f999
-
SSDEEP
6144:k3DwTnVE5mxYitLevhwYR+PRCygh3CteoC2jHPKTD+0Xp:kTJ5mxYitL1+ygVL2jOy0Xp
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
10c3a4b3e37a803bd0aa6309c39158c1cdc781b3496a972f062f1fe958597862
-
Size
390KB
-
MD5
a0ca6912e574833240194ec4fe31f631
-
SHA1
8755f22d65a895e74cfc8675410f24e255f0827b
-
SHA256
10c3a4b3e37a803bd0aa6309c39158c1cdc781b3496a972f062f1fe958597862
-
SHA512
4b0b545b1f5bc3d93d71d6a9cd4cb411fb38a56f4c426648fe38837e4bc00c70f8406f679ae08aa8aa296edab828f8aa2b7c3b2db2f7ecb3ca62ee277e6be6ca
-
SSDEEP
6144:KFy+bnr+Wp0yN90QEMMHTfcOSn1XrkWGjZNJ2h74Tj98p881bbZKgTDUONPu/:7Mriy90BzfcOS112Tj9g1RKgDUqm/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
12d321d9a66bfb909ca6ae3097f6aba39263be25c619d424b1dbefd373b20d0f
-
Size
390KB
-
MD5
a0570c03b2992062f9d7c88983ec0531
-
SHA1
ef7a037d1215d81b892aeefd6108df59ccd2167b
-
SHA256
12d321d9a66bfb909ca6ae3097f6aba39263be25c619d424b1dbefd373b20d0f
-
SHA512
60d7a0422d3a872689e165148ed85c13820017ce7fbbe6e17e1badccb790d1690136144496d3c332c8272e0f94870d90e8bd231b893500f40d0d38e6d45bbf26
-
SSDEEP
6144:KYy+bnr+jp0yN90QElD2DJ37wIsWV673NgHi406Yp5EeO2ufKu/:YMrny90rD2DJ372DmB06i5k2uCu/
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
1e8cbc456786daa6da93242154f714f7e224f45514a9556e7a644f39934e3196
-
Size
333KB
-
MD5
9d97353cb81e2dba6640074038ce5f11
-
SHA1
8fc28f957d2532680b6105a7fceb41ba310e6131
-
SHA256
1e8cbc456786daa6da93242154f714f7e224f45514a9556e7a644f39934e3196
-
SHA512
1a002888c274f608550139ae1a0f3d37e973f2ecefd8824e01f5b98878661f56024983ccf9e22d29bcecb12bf62c03890586a89298c43b18aa659be9fff2cb51
-
SSDEEP
6144:X1RwZfFQDOioMvzATd5W0jbSXRYygh2qjjjjjjjSMJRkPpwlem0Kj+0Xp:X/zDOioMvzA+iygUqjjjjjjjSWRrlk05
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
27efa43e160a77456643b18b13206f1f8a13410ef51729dbe8fa2997f36694c1
-
Size
1.2MB
-
MD5
861cdcff71d268dee3580d2ce333ac09
-
SHA1
94be6d1757a7ab5c0d5ebd464cafb71bc1c5d33d
-
SHA256
27efa43e160a77456643b18b13206f1f8a13410ef51729dbe8fa2997f36694c1
-
SHA512
b2e905338edbaaf101bd94b91c801972ff30f49a8f0f4740c67faa7e8d3c2be243d0883cec424f9db46bbf7b403ae72b5a6e3201d0861093e9084e920a9f1581
-
SSDEEP
24576:ayE5p8ogugja8IT5+YVQ0SVU97kNQ7hDtYT:hwZgja8G5+k79ANQlDtY
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2a2e3be04e8391170c3a71e198b45f6e45c085dff086c4e7b09748919fbeaef7
-
Size
514KB
-
MD5
9d827bb83640e0913032c63de8cb78f1
-
SHA1
449eee66a32c41f5c5aee7d77ded58b575c1b984
-
SHA256
2a2e3be04e8391170c3a71e198b45f6e45c085dff086c4e7b09748919fbeaef7
-
SHA512
ec3e904df1ce5374b9b94d41edad0e79e012992fe988f1f994766022e1fef388500126c14dbe96487650cc8475611d32314c4f20df4ca271f85ce9d53e3ac695
-
SSDEEP
12288:WMrdy90DnHgun+muOlzU2R3jp2W8zmUHlz8nlQH:Ly6nHguntu6f2xmal8lQH
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
2d2e176ff101b33e0adec2558415b76c1425ba9502c4b652c64b4751dd11181c
-
Size
325KB
-
MD5
a11dbc01603450452854f17aa7ea1eef
-
SHA1
18436f7c4a7a4477c0baa93ddc108babce9491bf
-
SHA256
2d2e176ff101b33e0adec2558415b76c1425ba9502c4b652c64b4751dd11181c
-
SHA512
1ac3b35ac7b8742c8eded217595f30ae25eff216409bddd3cc18809ff6e5d873c7feae6e1e3501dc02bebe2205f9f9e8db9718c76315b679ca8ce73aca2135bf
-
SSDEEP
6144:K+y+bnr+/p0yN90QEJR9FTYYX8K75Nq/srdzir8IkNO3O0sUBWd:mMrry90bzFFX8KVpirQMFBWd
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
4ef1a0149daef80693bc6f0b8f8337399c8687c08ca4792d24e3bdaab9bf6f77
-
Size
390KB
-
MD5
859f7291df89d775b2c13b9eba46f15e
-
SHA1
cd432f7142d19ca13261a674f4456669fff79c8d
-
SHA256
4ef1a0149daef80693bc6f0b8f8337399c8687c08ca4792d24e3bdaab9bf6f77
-
SHA512
6ffb75ac3d4d5a3cfed9131d46abd4dc0305df6125c5c4e6e926541ee360dfb2e0ed497655873f483089a4154ef5563a691aecb0a5bde83e456e983976411729
-
SSDEEP
6144:KOy+bnr+op0yN90QEJVyucfzJ8b9U+BuekimU0dYTCcHnlRHBd11szcoN:6Mrsy90RcF8b20qUscHnl9T11snN
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
51b44e7fef51fc7ece012253c1667cd5cb95636d10007d0e2be5e98e7fd405e7
-
Size
315KB
-
MD5
290b0115d137ba7f6f75557dea9a3418
-
SHA1
4fd841d032858a7bc39d598eca329371bc48a118
-
SHA256
51b44e7fef51fc7ece012253c1667cd5cb95636d10007d0e2be5e98e7fd405e7
-
SHA512
b843b5beea655f803deb8473cb9ed4f06e0d99c46480dcce39d321b1bcb4b4dff4350bd7c41f6ca0f3eaae31e73e9351ec5de920eddfedc809f119effe362a34
-
SSDEEP
6144:8A9pI60nbM8uPZy3+8KIDJgu+PchgHadTi7ZiEfXHS:H9+60nbnueg3cy6RFEPHS
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
51d640efcf425557c7e898a690d229994ff2fc0610138596398e8cdd60583244
-
Size
390KB
-
MD5
29559e945f56a313b5e9264dd6ca7a3b
-
SHA1
008abf8dd4f1da5ce1cac168e042ef8bcee54607
-
SHA256
51d640efcf425557c7e898a690d229994ff2fc0610138596398e8cdd60583244
-
SHA512
f2dd23e29d5ef28323a0b4741e6ab5c79deeba8dd27bc0565826700e87350ab5f74059e669be30f28054e2e52af57519193099abe75b56be2f65d7071542c14c
-
SSDEEP
12288:TMroy90EgA20duD7uAomGFLqcHnl9movoHz:LyVgAy7uGGFL5Ha
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
7073615f2bb8bdde4bddb204be08de240462e36b437993850d9ebcaa68dc66d4
-
Size
307KB
-
MD5
9ef8eb127eac07a85f1541a61be71438
-
SHA1
4ee1b91a1d2b41f854cb6117b61df899c96f350b
-
SHA256
7073615f2bb8bdde4bddb204be08de240462e36b437993850d9ebcaa68dc66d4
-
SHA512
cd68198a6da6f1aef7847015a7ffc0298e6cc7d7d205b126900e722c0f457fbd246467cc76d78d720931cb14b64886b88c4ab077a5af757f10776b29460fef33
-
SSDEEP
6144:KDy+bnr+kp0yN90QELwSAlxKags0k6BYlPRfq++UU:xMrIy90GrOjfBYjC
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
85963051ece1830904f1352feb417a21d0483c9ef3735855d49b257c6278df13
-
Size
43.5MB
-
MD5
9de6a6858482f7b8c82bd861ea974e09
-
SHA1
772ce6a04f3afed268695f26136337a772c76017
-
SHA256
85963051ece1830904f1352feb417a21d0483c9ef3735855d49b257c6278df13
-
SHA512
fd11b2455361204a9cf9d046acc2b379989e11f7b06f0add808bc2219b104ff10b772d708ab64752efbf894c281c486509d8421edebfa8c3be608e02eb8f2c77
-
SSDEEP
786432:CVTtG42LQOiWTx/iNFcFXBHx+rEpTyfgcRMQS7bYC/vswAdlk1MUOH:CPGFM0RwcFXBHx+wgGV4ydAdxUO
Score1/10 -
-
-
Target
91764c20cbe482b1a5b8aa8c305a606675ac822cf3322e1b30d15c022219581b
-
Size
307KB
-
MD5
861644a76bd45137c176d6c5c2b82cd5
-
SHA1
5cfb78556e08a6c8e79f6df91cf91df3aff5308d
-
SHA256
91764c20cbe482b1a5b8aa8c305a606675ac822cf3322e1b30d15c022219581b
-
SHA512
b949eb3d0296222433ead224f0905868965dfef8112a5fc33dcd07a3c88f4c1edb999889373faf09dbd06b9b072b76c5c69bcda19d95764839ebc8c2e7f5197e
-
SSDEEP
6144:K0y+bnr+mp0yN90QE2wSAl3Oz+7tI9w9F1OQINXV:kMrGy90vr3Oz+7tIOv1OjNXV
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
c7a4524e38a070acf6ba7d4865de5125063cd4a021a47872adb720277271f3ae
-
Size
390KB
-
MD5
86270699bad2681bb3f5f57f44a7094e
-
SHA1
cac5e4b620f438ece23b6e9df463b99d2667a95f
-
SHA256
c7a4524e38a070acf6ba7d4865de5125063cd4a021a47872adb720277271f3ae
-
SHA512
92ed35d0f3a0c22d5be759b2cf71064194e440601cba0b848d6a4440467820273b446a38069794da757c2d1c8ae760792a5156e69e4cf5aeaeb003f8ee740443
-
SSDEEP
12288:sMrYy90slB8Ldj5DBLjkSaHAcHnl9kkN6Kw:MyJ8D1lO/Hc
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
cc6d978c1f4f3ff1c9f85ac715299464b6b106c70aeb9adce32b6d355ba45721
-
Size
309KB
-
MD5
290ff81ba12e0d1d1a636eb5a3de8823
-
SHA1
98ec545dbb97f4b7c55ee3fc91afe85d8e2d60aa
-
SHA256
cc6d978c1f4f3ff1c9f85ac715299464b6b106c70aeb9adce32b6d355ba45721
-
SHA512
f168ae49314180c63bd492aa57a7f74b629f4a4398772ade9e4cc9dbcf3e8f8d228beb23c81a668edc4351c892e32c7c0867f91a77a6a667d7151ddbcec2e6f4
-
SSDEEP
6144:KUy+bnr+sp0yN90QEM5F5OYc1u31g4TByQpv2+YtIpTA:IMrQy906xc1u31TTEQh2HtSA
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
d71ef74d3278f53c23c7f004992b27f41fcafdbf8bf24ae61339ef1fded7d1a8
-
Size
332KB
-
MD5
858d4fcf018a04375747f4e03421027a
-
SHA1
2e35b6de141c7b1b848c89d21f456113865425b4
-
SHA256
d71ef74d3278f53c23c7f004992b27f41fcafdbf8bf24ae61339ef1fded7d1a8
-
SHA512
52869e505b2dc2e4031b9f6ac060bdefce756223ffa7457de666d1af12449381f4aee7b4407da87801df49a8e76d0aee6698a0d28a4afb89ada7c6db511383a9
-
SSDEEP
6144:nlZwB/LgLN340nTaDpOU7riHRkygh0HwLUlpCNIvYCeUZw7NA5/ioDJZq+0Xp:nnhLN340nTP+ygOQLgp0IvYCeSKk/i4c
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
de0b656af41759ffa8477cd8c387f71b8e3cbddbc718028139d53bc1c6b95d69
-
Size
390KB
-
MD5
a16ac9ef7483e3521231c15a522765cd
-
SHA1
4d101b7b20025d4bd709a1db554f2f5d4beb4e9e
-
SHA256
de0b656af41759ffa8477cd8c387f71b8e3cbddbc718028139d53bc1c6b95d69
-
SHA512
a560db70c1b0624ee3d93193830f1c98c94164b8938b7ad7a9066f0ace9fd6c8606671e21d59b6293054216e3326f12245acdef33cbd8438c5561b3c51cbf14d
-
SSDEEP
12288:9MrRy90FVDc5PBTcopqsqeYaacHnl9XyLEUH:sykS5P5TgaJHGv
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
e5410c580a81399010c4afd0cb43116c8c6e79ed10a16ace6ca24b1180f130b5
-
Size
309KB
-
MD5
9ed6e3149f3de480b6dba815648459a3
-
SHA1
0bca971a602e9a23ed01f24d74e00af6dac8a288
-
SHA256
e5410c580a81399010c4afd0cb43116c8c6e79ed10a16ace6ca24b1180f130b5
-
SHA512
ffa150f81a93e1d49b159b60927b527fa1ab5918c0d5c20b332ef6c350c156f1c3da5c728b23e3a737abbd88d2c9d9bf719357d28f76c43bcc767145e2e4d218
-
SSDEEP
6144:O6hm2uPpiUxyd2eVps3AzI5lftT9KJ0te92+RmnlhA7m/I:7m2uPpit6eI5fZ1te9ZsnlhAQI
Score1/10 -
-
-
Target
f47fb04ed8077b20b9ca93eddc8ce4a4f05ca4367177fba67c1d87d2831d1865
-
Size
1.5MB
-
MD5
85e57bbbfa4b4a93b3389c480fac7189
-
SHA1
bd185ed9b704ae08c0fd652ca05ee3f3cbfccef5
-
SHA256
f47fb04ed8077b20b9ca93eddc8ce4a4f05ca4367177fba67c1d87d2831d1865
-
SHA512
10b7313ed100b1539cf8e4d6caaa996ee8185010d3d475c416b7be8e8f032514605bff766f5210d0921a96a9ad84730bf7583970949c9b62557b42db3d384238
-
SSDEEP
49152:pvUrKe4i6MP4mUJJq5ZuIISIxVa46ecL:W34rMP4fTq5ZuxxVJa
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
12Windows Service
12Boot or Logon Autostart Execution
14Registry Run Keys / Startup Folder
14Scheduled Task/Job
8Privilege Escalation
Create or Modify System Process
12Windows Service
12Boot or Logon Autostart Execution
14Registry Run Keys / Startup Folder
14Scheduled Task/Job
8