General
Target: af98e05473ea65009667c6b69f3b49cc33e445c44ad6c5f4bc31838801f482e0
Size: 530KB
Sample: 241104-q7yxxa1dpn
MD5: 026a64863b1705278f60fc6d18764e5e
SHA1: a5f7816da39a976e5aca2f34f9f5dbba8bf8bea0
SHA256: af98e05473ea65009667c6b69f3b49cc33e445c44ad6c5f4bc31838801f482e0
SHA512: 01046930b08fd96e59ef34d5ef36cc3b843c233143646c99bece4451855d58091eaef33d9538f17bf42acc4fae322dc8e495b247f30c4983b26dbcaf1322d0b3
SSDEEP: 12288:1Mray90Ncci1IGfk+9n2paGNiN/N9HK00h+vlcHBzIBPI5p:jySXeI8kM7GkN/Ntz0EwBzePI5p
Static task: static1
Behavioral task: behavioral1
Sample: af98e05473ea65009667c6b69f3b49cc33e445c44ad6c5f4bc31838801f482e0.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)