General
Target: a476a46785a69979055ac387803770e576314302406038006465aaf28783ea14
Size: 499KB
Sample: 241106-x1hqnsylek
MD5: cc4edf2669fca1847dde427c95a2aecf
SHA1: b1317ddd3082c2d4102d52817a4e34e2f5752c4b
SHA256: a476a46785a69979055ac387803770e576314302406038006465aaf28783ea14
SHA512: 747521ab3e27c147b7be53652ee438eb37d5eaca181cb8ef493f2803bfec20878e3d2fb9139419423f7f1816da614d4214726470575fa2e414a4fa0ddae0594f
SSDEEP: 12288:TMrMy90geTd7Lk4NuW/bitfgYTjrcG12sL:HySTd84NuW/k48c82sL
Static task: static1
Behavioral task: behavioral1
Sample: a476a46785a69979055ac387803770e576314302406038006465aaf28783ea14.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
fukia
193.233.20.13:4136
auth_value: e5783636fbd9e4f0cf9a017bce02e67e
Targets
Target: a476a46785a69979055ac387803770e576314302406038006465aaf28783ea14
- Detects Healer an antivirus disabler dropper
- Healer family
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Executes dropped EXE
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)