General
-
Target
cbb7c5cca4bc8aad2e28d86beba11babb65fb342526ef32be827294315233925N.exe
-
Size
548KB
-
Sample
241117-prfwqayrcz
-
MD5
263f21b0d4f632453e2e8d3b61565980
-
SHA1
00d19ee5f8f04c40d43132bd974c57417bf3538c
-
SHA256
cbb7c5cca4bc8aad2e28d86beba11babb65fb342526ef32be827294315233925
-
SHA512
7b4a7dec8ea89980764c79d414d231b8f3db1ade867e54f011feeaeb3a4ceea95a1b57e64419c021ab8a2b0f7481f8bfa76c13c7b1779b7ac64b6453075dbf1a
-
SSDEEP
12288:sMrTy90IVZy72+ztY+0wi4chCzwLeEqTD83FTB:vyW6+ztY+o4eCzwLfhTB
Malware Config
Extracted
redline
mango
193.233.20.28:4125
-
auth_value
ecf79d7f5227d998a3501c972d915d23
Targets
-
-
Target
cbb7c5cca4bc8aad2e28d86beba11babb65fb342526ef32be827294315233925N.exe
-
Size
548KB
-
MD5
263f21b0d4f632453e2e8d3b61565980
-
SHA1
00d19ee5f8f04c40d43132bd974c57417bf3538c
-
SHA256
cbb7c5cca4bc8aad2e28d86beba11babb65fb342526ef32be827294315233925
-
SHA512
7b4a7dec8ea89980764c79d414d231b8f3db1ade867e54f011feeaeb3a4ceea95a1b57e64419c021ab8a2b0f7481f8bfa76c13c7b1779b7ac64b6453075dbf1a
-
SSDEEP
12288:sMrTy90IVZy72+ztY+0wi4chCzwLeEqTD83FTB:vyW6+ztY+o4eCzwLfhTB
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Healer family
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1