General
-
Target
6c80c3fead53a073cb5c66ce4c0cd44ad42d2e59c314e72a1517b630ab5ee8f5
-
Size
660KB
-
Sample
241110-dc3amaxmg1
-
MD5
cea0cb7d85a7e72d7e17ac2e459d972d
-
SHA1
55281c69482fc2d9e3a0bda2276551988048ecac
-
SHA256
6c80c3fead53a073cb5c66ce4c0cd44ad42d2e59c314e72a1517b630ab5ee8f5
-
SHA512
b5b88bfc145f2ae0902d8ec4fb7c2939003f2c6ca698751fc788b72266ffe02c9775572c9a9e6e41e5c115f9c09cf89c5f8c4e03d32905ae908833d4eea65d9a
-
SSDEEP
12288:fMrGy90FqIOI9m3SZ49AVjs2olr0DkHhE4k9T8LzM5PB6hSsfVTeqrn:9y/IzM361y9oh4h85poVTVn
Malware Config
Extracted
redline
norm
77.91.124.145:4125
-
auth_value
1514e6c0ec3d10a36f68f61b206f5759
Extracted
redline
droz
77.91.124.145:4125
-
auth_value
d099adf6dbf6ccb8e16967104280634a
Targets
-
-
Target
6c80c3fead53a073cb5c66ce4c0cd44ad42d2e59c314e72a1517b630ab5ee8f5
-
Size
660KB
-
MD5
cea0cb7d85a7e72d7e17ac2e459d972d
-
SHA1
55281c69482fc2d9e3a0bda2276551988048ecac
-
SHA256
6c80c3fead53a073cb5c66ce4c0cd44ad42d2e59c314e72a1517b630ab5ee8f5
-
SHA512
b5b88bfc145f2ae0902d8ec4fb7c2939003f2c6ca698751fc788b72266ffe02c9775572c9a9e6e41e5c115f9c09cf89c5f8c4e03d32905ae908833d4eea65d9a
-
SSDEEP
12288:fMrGy90FqIOI9m3SZ49AVjs2olr0DkHhE4k9T8LzM5PB6hSsfVTeqrn:9y/IzM361y9oh4h85poVTVn
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1