General
-
Target
3bf9e826ad89f753a2896f6939e8b705736cc49236f2414009b9b477a860f3e2
-
Size
663KB
-
Sample
241110-17cd1swkhz
-
MD5
2cc937b3232768bcf693fd7c70b66504
-
SHA1
75dc9966e61029764f2cdd40bb540f14ef74c903
-
SHA256
3bf9e826ad89f753a2896f6939e8b705736cc49236f2414009b9b477a860f3e2
-
SHA512
b7ab4a0c3b7ebc87036f8ccda3f130bc1662523296de26090454a93a5be10b842a0e9782e36efef1bcdafbe330bb82cd18e24d2b63a6eff3aa6dd367455f5e31
-
SSDEEP
12288:CMrwy90T9X7yMoIosWlQiAJ/eP6ecOxmH0CfyqbaTGLFvUMR2hL6:uyHqUQiIgKUsyIvUjW
Malware Config
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
redline
droz
77.91.124.145:4125
-
auth_value
d099adf6dbf6ccb8e16967104280634a
Targets
-
-
Target
3bf9e826ad89f753a2896f6939e8b705736cc49236f2414009b9b477a860f3e2
-
Size
663KB
-
MD5
2cc937b3232768bcf693fd7c70b66504
-
SHA1
75dc9966e61029764f2cdd40bb540f14ef74c903
-
SHA256
3bf9e826ad89f753a2896f6939e8b705736cc49236f2414009b9b477a860f3e2
-
SHA512
b7ab4a0c3b7ebc87036f8ccda3f130bc1662523296de26090454a93a5be10b842a0e9782e36efef1bcdafbe330bb82cd18e24d2b63a6eff3aa6dd367455f5e31
-
SSDEEP
12288:CMrwy90T9X7yMoIosWlQiAJ/eP6ecOxmH0CfyqbaTGLFvUMR2hL6:uyHqUQiIgKUsyIvUjW
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1