General
-
Target
1d9f4f0c5bca7650fd1a683927272d80466b889320ff0367f6a79885ebfc9868
-
Size
479KB
-
Sample
241107-qbgczssgnq
-
MD5
f4e86f6586378db49f0718ca5062e7fe
-
SHA1
df7f72ec423a61dc7a6adb08143eeac83f99b352
-
SHA256
1d9f4f0c5bca7650fd1a683927272d80466b889320ff0367f6a79885ebfc9868
-
SHA512
bb839fe569ed8fe1c25932ccaa7f1d6c4544630729a9eafcd3030a64599f9fd0b36cce4038db0c0913433e47fc3f10e9e73ea9e9c0a024ea9bb888367b6f7093
-
SSDEEP
12288:nMrKy90dffc044SJ0WG/yqI9KARyqLEB:pyOHc044J/yqiZRyOEB
Malware Config
Extracted
redline
fukia
193.233.20.13:4136
-
auth_value
e5783636fbd9e4f0cf9a017bce02e67e
Targets
-
-
Target
1d9f4f0c5bca7650fd1a683927272d80466b889320ff0367f6a79885ebfc9868
-
Size
479KB
-
MD5
f4e86f6586378db49f0718ca5062e7fe
-
SHA1
df7f72ec423a61dc7a6adb08143eeac83f99b352
-
SHA256
1d9f4f0c5bca7650fd1a683927272d80466b889320ff0367f6a79885ebfc9868
-
SHA512
bb839fe569ed8fe1c25932ccaa7f1d6c4544630729a9eafcd3030a64599f9fd0b36cce4038db0c0913433e47fc3f10e9e73ea9e9c0a024ea9bb888367b6f7093
-
SSDEEP
12288:nMrKy90dffc044SJ0WG/yqI9KARyqLEB:pyOHc044J/yqiZRyOEB
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1