General
Target: 65da1e5d9541987249a0425060f176c0N
Size: 706KB
Sample: 240913-xbn66asaqq
MD5: 65da1e5d9541987249a0425060f176c0
SHA1: 5606fbcb8c5634c1fd164c792b2150a6dedee655
SHA256: 724547007f3886a58e63abd1921c2b5341dc864ee64042632b828378d926e3e5
SHA512: b2764da3ac89d0b0a99f2d8c3b51af8f4e925a9946c5e9c610c9c5cd38593a63cbf940facee156d535115301b614f5a87880279237bbe239b095af21b3e92f3f
SSDEEP: 12288:ZMrny90ByiG7k9VHz+eL4/of6f9oIIdm8FJoDG0lzi5gQIuo:WyU3zDL4/ofGj30JoxuTo
Static task: static1
Behavioral task: behavioral1
Sample: 65da1e5d9541987249a0425060f176c0N.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: redline
Botnet: jokes
C2: 77.91.124.82:19071
auth_value: fb7b36b70ae30fb2b72f789037350cdb
Targets
Target: 65da1e5d9541987249a0425060f176c0N (706KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detects Healer, an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)