General
Target: 41a40e0e61b35b0e95c5898f644e4064130f19acc2cad3e3a80c0b38d1b79f9a
Size: 685KB
Sample: 241108-jc5nms1jer
MD5: 29baf6522d02c2f2162cf45a885cc783
SHA1: 338625d78c26cb11bd9c5069fbe23b7ae6a1930a
SHA256: 41a40e0e61b35b0e95c5898f644e4064130f19acc2cad3e3a80c0b38d1b79f9a
SHA512: d1381765b6161679824c86901ee896cbf2ed35434eff1baa6a04bd3fdc5350a072398ba3fc8346e83ff021fa86e14e3e7930b110e12d94ac3d38a2a5bad0db24
SSDEEP: 12288:gMrsy90G3rTau82aNMm5o9I54YITwbyPDQYk2xeNVRpL2xPTEZ9eW1AtjU38:8yZJaNgBGCDDpaRpGYR1AtjQ8
Static task: static1
Behavioral task: behavioral1
Sample: 41a40e0e61b35b0e95c5898f644e4064130f19acc2cad3e3a80c0b38d1b79f9a.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted: redline
Botnet: norm
C2: 77.91.124.145:4125
auth_value: 1514e6c0ec3d10a36f68f61b206f5759
Extracted: redline
Botnet: diza
C2: 77.91.124.145:4125
auth_value: bbab0d2f0ae4d4fdd6b17077d93b3e80
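Added example (not part of the sandbox report, and not RedLine or sandbox tooling): it parses the two extracted RedLine configs, in the raw "Extracted / redline / botnet / host:port / - / auth_value / hex" layout that this sandbox prints, into structured indicators, then hunts for the C2 in a few constructed Zeek-style conn.log lines. The config text is a constructed copy carrying the values above; the log lines, connection UIDs and internal hosts are made up, and the confidence split (IP plus port is high, IP alone is medium) is an assumption of this example, not something the report states.

```python
import re
from collections import namedtuple

# Constructed copy of the two "Extracted / redline" blocks from this report, in the
# sandbox's raw line layout, so the example runs offline.
REPORT_CONFIG = """\
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
redline
diza
77.91.124.145:4125
-
auth_value
bbab0d2f0ae4d4fdd6b17077d93b3e80
"""

RedlineConfig = namedtuple("RedlineConfig", "botnet host port auth_value")

# One block = family line, botnet tag, C2 host:port, a '-' separator, then auth_value.
_BLOCK = re.compile(
    r"Extracted\s+redline\s+(?P<botnet>\S+)\s+"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})"
    r"\s+-\s+auth_value\s+(?P<auth>[0-9a-f]{32})"
)


def parse_redline_configs(text):
    """Return one RedlineConfig per extracted block, in report order."""
    return [
        RedlineConfig(m["botnet"], m["host"], int(m["port"]), m["auth"])
        for m in _BLOCK.finditer(text)
    ]


def iocs_from_configs(configs):
    """Collapse the configs into de-duplicated indicator sets (both blocks share one C2)."""
    return {
        "c2_ip": sorted({c.host for c in configs}),
        "c2_socket": sorted({f"{c.host}:{c.port}" for c in configs}),
        "auth_value": sorted({c.auth_value for c in configs}),
        "botnet": sorted({c.botnet for c in configs}),
    }


# Constructed Zeek-style conn.log lines (ts, uid, id.orig_h, id.orig_p, id.resp_h,
# id.resp_p, proto). Only the C2 address is real; everything else is invented.
SAMPLE_CONN_LOG = """\
1731060001.10\tCx1\t10.0.0.21\t49812\t77.91.124.145\t4125\ttcp
1731060002.50\tCx2\t10.0.0.21\t49813\t142.250.74.36\t443\ttcp
1731060003.75\tCx3\t10.0.0.33\t51020\t77.91.124.145\t443\ttcp
1731060004.00\tCx4\t10.0.0.33\t51021\t77.91.124.146\t4125\ttcp
"""


def find_c2_hits(conn_log, configs):
    """Match destinations against the C2: ip+port is a high-confidence hit, ip alone medium
    (assumed severity scheme for this example)."""
    sockets = {(c.host, c.port) for c in configs}
    ips = {c.host for c in configs}
    hits = []
    for line in conn_log.splitlines():
        if not line.strip():
            continue
        _ts, uid, src, _sport, dst, dport, _proto = line.split("\t")
        if (dst, int(dport)) in sockets:
            hits.append((uid, src, f"{dst}:{dport}", "high"))
        elif dst in ips:
            hits.append((uid, src, f"{dst}:{dport}", "medium"))
    return hits


if __name__ == "__main__":
    cfgs = parse_redline_configs(REPORT_CONFIG)
    for c in cfgs:
        print(c)
    print(iocs_from_configs(cfgs))
    for hit in find_c2_hits(SAMPLE_CONN_LOG, cfgs):
        print(hit)
```

The two configs differ only in botnet tag and auth_value, so the network indicator set collapses to a single socket; the auth_value strings are worth keeping as well, since they appear in the bot's C2 traffic and can be matched in decoded captures.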
Targets
Target: 41a40e0e61b35b0e95c5898f644e4064130f19acc2cad3e3a80c0b38d1b79f9a
Detects Healer, an antivirus-disabler dropper
Healer family
RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
RedLine family
Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
Executes dropped EXE
Adds Run key to start application
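For the last two signatures (the registry country-code lookup and the Run-key persistence), an added Python example that is not from the report or the sandbox: it parses a constructed `reg export`-style dump of the victim's HKCU hive, lists the Run-key autostart entries, flags those whose binary lives in a user-writable scratch directory, and reads the GeoID the sample would see. The hive text is constructed; the "Updater" entry and its Temp path are invented, the registry key paths are the real Windows locations, and the assumption that `HKCU\Control Panel\International\Geo\Nation` is the country setting the signature refers to is mine, not the page's. The "user-writable location" heuristic is likewise an assumption of this example.

```python
import re

# Constructed `reg export`-style text standing in for a dump of the infected user's hive.
# Key paths are real Windows locations; the "Updater" value and its path are invented.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Local\\Temp\\updater.exe"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="244"
"""

RUN_KEYS = (
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
)
# Assumption: this is the value behind "Looks up country code configured in the registry".
GEO_KEY = "HKEY_CURRENT_USER\\Control Panel\\International\\Geo"

# '"name"=data' lines; only REG_SZ ("...") data is kept, other types are skipped.
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s):
    """Undo .reg string escaping: '\\\\' -> '\\', '\\"' -> '"'."""
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in a .reg export."""
    hive, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            hive.setdefault(key, {})
        elif key and line.startswith('"'):
            m = _VALUE.match(line)
            if m and m.group(2).startswith('"') and m.group(2).endswith('"'):
                hive[key][_unescape(m.group(1))] = _unescape(m.group(2)[1:-1])
    return hive


def _exe_path(command):
    """First token of a Run command: the quoted path, else text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


# Heuristic (assumption for this example): autostart binaries dropped into scratch or
# per-user roaming locations deserve a look; legitimate installers seldom register them there.
USER_WRITABLE_MARKERS = ("\\AppData\\Local\\Temp\\", "\\AppData\\Roaming\\", "\\Users\\Public\\")


def run_entries(hive):
    """All (key, value name, executable path) triples under the Run keys."""
    return [
        (key, name, _exe_path(cmd))
        for key in RUN_KEYS
        for name, cmd in hive.get(key, {}).items()
    ]


def suspicious_run_entries(hive):
    """Run entries whose executable sits in a user-writable scratch location."""
    return [
        e for e in run_entries(hive)
        if any(m.lower() in e[2].lower() for m in USER_WRITABLE_MARKERS)
    ]


def geo_nation(hive):
    """GeoID string the sample reads for its geofence check (244 is the United States)."""
    return hive.get(GEO_KEY, {}).get("Nation")


if __name__ == "__main__":
    hive = parse_reg_export(SAMPLE_REG_EXPORT)
    print("GeoID seen by the sample:", geo_nation(hive))
    for key, name, exe in run_entries(hive):
        flag = "SUSPICIOUS" if (key, name, exe) in suspicious_run_entries(hive) else "ok"
        print(f"{flag:10} {name} -> {exe}")
```

The OneDrive entry passes the heuristic because it lives under AppData\Local\Microsoft rather than a scratch path, which is also the heuristic's blind spot: a dropper that copies itself next to a legitimate product would not be flagged, so treat the list as a starting point and verify each binary's hash against the report.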
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001) (1)
  Create or Modify System Process (T1543): Windows Service (T1543.003) (1)
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): Registry Run Keys / Startup Folder (T1547.001) (1)
  Create or Modify System Process (T1543): Windows Service (T1543.003) (1)