General
Target: c2b3cd4166382ac5ce0feb688d7a97fdd346afcfea9b6723123021a4fa045419
Size: 690KB
Sample: 241106-ksazmsxckh
MD5: 67bb7e1e4452eba635ad123bc3802643
SHA1: 261d07930886c8975d928d7f43ba755294ecd9c8
SHA256: c2b3cd4166382ac5ce0feb688d7a97fdd346afcfea9b6723123021a4fa045419
SHA512: 47f2f7ed3022cd55b95971d041a969fd3cf641beb4e2f4bd2259274dbd2688183fb4174b1661e33924c41458ca434e0eb4317340b948baf7d8525fbc62558034
SSDEEP: 12288:MMrfy9050DXjHMtJscrRTJ33y665hLueg3JEK34uSli/++vmFcffig66z1z7gt8c:TyqQTQndCJfaH5EKIuEi/ycfag6S1wtD
Static task: static1
Behavioral task: behavioral1
Sample: c2b3cd4166382ac5ce0feb688d7a97fdd346afcfea9b6723123021a4fa045419.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
rosn
176.113.115.145:4125
auth_value: 050a19e1db4d0024b0f23b37dcf961f4
Targets
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)