General
Target: 242993768d1f35c04acea45e34a4503ff498221aa6c0619fe4fab3b919aa43a3
Size: 720KB
Sample: 241122-zhn6vavkgp
MD5: 4678cdd143e65ef2589a1d77fa59e2cc
SHA1: 847304e30c2aaa245bc3b3604d196e49a8f50646
SHA256: 242993768d1f35c04acea45e34a4503ff498221aa6c0619fe4fab3b919aa43a3
SHA512: d669060bb3866dd4ccfeb46a80e34aae878ec1e9f687953cc4eca7648322a58136fe5d4ae8e8d434b6fd7f0200fcfc5449087ac31df1e1c1c70092e8a9ea7c78
SSDEEP: 12288:zy90gUp6QrLkWFRT2bpwC/gz7O3HatqCicZTofyFLYFP0vHGpUY6/VcXM:zyQYQrLkgQ3gzS3HaOeTofCGOHiPsp
Static task: static1
Behavioral task: behavioral1
Sample: 242993768d1f35c04acea45e34a4503ff498221aa6c0619fe4fab3b919aa43a3.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
Family: redline
Botnet: losk
C2: 185.161.248.150:4128
auth_value: c0a6c391e53d2d9cd27bb17d1d38ada3
Extracted
Family: redline
Botnet: diza
C2: 185.161.248.150:4128
auth_value: 0d09b419c8bc967f91c68be4a17e92ee
Both extracted configurations point at the same C2 endpoint and differ only in botnet id and auth_value, so a single network indicator covers both.
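The two extracted configurations share one C2 endpoint. The Python below is added here as a worked example and is not part of the sandbox report or the RedLine tooling: it turns the config values above into deduplicated network IOCs, emits one Suricata rule per endpoint (the sid range is an assumption), and scores constructed Sysmon Event ID 3 records against them, rating a connection to the same IP on a different port lower than an exact ip:port match.

```python
"""Build network IOCs from the extracted RedLine configs and match them
against Sysmon Event ID 3 (network connection) records."""
import ipaddress
import json

# Configuration values exactly as reported on this page.
EXTRACTED_CONFIGS = [
    {"family": "redline", "botnet": "losk",
     "c2": "185.161.248.150:4128",
     "auth_value": "c0a6c391e53d2d9cd27bb17d1d38ada3"},
    {"family": "redline", "botnet": "diza",
     "c2": "185.161.248.150:4128",
     "auth_value": "0d09b419c8bc967f91c68be4a17e92ee"},
]


def parse_c2(c2):
    """Split 'ip:port' into (ip, port); rejects hostnames and bad ports."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ipaddress.ip_address(host)          # raises ValueError for non-IP hosts
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in C2 string: {c2!r}")
    return host, port


def network_iocs(configs):
    """Dedupe C2 endpoints shared by several botnet ids -> {(ip, port): [botnet, ...]}."""
    iocs = {}
    for cfg in configs:
        iocs.setdefault(parse_c2(cfg["c2"]), []).append(cfg["botnet"])
    return iocs


def suricata_rules(iocs, sid_base=9000001):
    """One outbound TCP alert per C2 endpoint (sid_base is a local assumption)."""
    rules = []
    for n, ((ip, port), botnets) in enumerate(sorted(iocs.items())):
        msg = f"RedLine C2 {ip}:{port} (botnet {'/'.join(sorted(botnets))})"
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"{msg}"; flow:to_server; sid:{sid_base + n}; rev:1;)'
        )
    return rules


def match_sysmon(lines, iocs):
    """Score JSON-per-line Sysmon EID 3 records against the IOC set.

    'high'   = exact ip:port hit
    'medium' = same IP, different port (panels are often redeployed on a new port)
    Non-EID-3 records are ignored.
    """
    ips = {ip for ip, _ in iocs}
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("EventID") != 3:
            continue
        key = (rec.get("DestinationIp"), int(rec.get("DestinationPort", 0)))
        if key in iocs:
            hits.append({"image": rec["Image"], "dst": key, "confidence": "high"})
        elif key[0] in ips:
            hits.append({"image": rec["Image"], "dst": key, "confidence": "medium"})
    return hits


# Constructed Sysmon records for illustration; not captured from this sandbox run.
SAMPLE_LOG = [
    r'{"EventID":3,"Image":"C:\\Users\\u\\AppData\\Local\\Temp\\a.exe","DestinationIp":"185.161.248.150","DestinationPort":4128}',
    r'{"EventID":3,"Image":"C:\\Program Files\\Mozilla Firefox\\firefox.exe","DestinationIp":"203.0.113.10","DestinationPort":443}',
    r'{"EventID":3,"Image":"C:\\Users\\u\\AppData\\Roaming\\b.exe","DestinationIp":"185.161.248.150","DestinationPort":8080}',
    r'{"EventID":1,"Image":"C:\\Windows\\System32\\cmd.exe"}',
]

if __name__ == "__main__":
    iocs = network_iocs(EXTRACTED_CONFIGS)
    for rule in suricata_rules(iocs):
        print(rule)
    for hit in match_sysmon(SAMPLE_LOG, iocs):
        print(hit)
```

The auth_value is deliberately not used as a network indicator: it travels inside the RedLine session rather than in a form a flow-level rule can match, so it is better kept as a config-level pivot for clustering samples.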
Targets
Target: 242993768d1f35c04acea45e34a4503ff498221aa6c0619fe4fab3b919aa43a3
Size: 720KB
MD5: 4678cdd143e65ef2589a1d77fa59e2cc
SHA1: 847304e30c2aaa245bc3b3604d196e49a8f50646
SHA256: 242993768d1f35c04acea45e34a4503ff498221aa6c0619fe4fab3b919aa43a3
SHA512: d669060bb3866dd4ccfeb46a80e34aae878ec1e9f687953cc4eca7648322a58136fe5d4ae8e8d434b6fd7f0200fcfc5449087ac31df1e1c1c70092e8a9ea7c78
SSDEEP: 12288:zy90gUp6QrLkWFRT2bpwC/gz7O3HatqCicZTofyFLYFP0vHGpUY6/VcXM:zyQYQrLkgQ3gzS3HaOeTofCGOHiPsp
- Detects Healer, an antivirus disabler dropper
- Healer family
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Checks computer location settings
  Reads the country code configured in the registry (the GeoID under HKCU\Control Panel\International\Geo), most likely to geofence execution by locale.
- Executes dropped EXE
- Adds Run key to start application
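One way to triage the Run-key persistence reported above, added here as an example and not part of the report: parse a .reg export of the Run key and flag entries that launch from user-writable locations or reuse a system binary name outside the Windows directory. The sample export is constructed, and the path markers and name list are assumptions chosen for illustration.

```python
"""Flag suspicious Run-key autostart entries in a .reg export."""
import re

# Constructed .reg export, not taken from this sandbox run.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="\"C:\\Users\\u\\AppData\\Local\\Temp\\svchost.exe\""
"Helper"="C:\\Users\\u\\AppData\\Roaming\\helper.exe -s"
'''

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
# "name"="value" with .reg escaping (\\ for backslash, \" for quote).
ENTRY_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Assumed heuristics: locations a non-admin process can write to, and
# names that should only ever resolve under the Windows directory.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\",
                 "\\users\\public\\", "\\downloads\\")
ENV_WRITABLE = ("%temp%", "%appdata%", "%localappdata%")
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe",
                "lsass.exe", "winlogon.exe"}


def reg_unescape(s):
    """Undo .reg string escaping: \\\\ -> \\ and \\" -> "."""
    return re.sub(r'\\(.)', r'\1', s)


def image_path(command):
    """Extract the executable path from a Run value command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    m = re.match(r'(.+?\.exe)(?:\s|$)', command, re.IGNORECASE)
    return m.group(1) if m else (command.split() or [command])[0]


def triage_run_entries(reg_text):
    """Return one finding per value under any key ending in \\Run."""
    findings, key = [], None
    for line in reg_text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group(1)
            continue
        em = ENTRY_RE.match(line)
        if not em or key is None or not key.lower().endswith("\\run"):
            continue
        name, command = reg_unescape(em.group(1)), reg_unescape(em.group(2))
        image = image_path(command)
        low = image.lower()
        reasons = []
        if any(mark in low for mark in USER_WRITABLE) or low.startswith(ENV_WRITABLE):
            reasons.append("launches from user-writable path")
        if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and "\\windows\\" not in low:
            reasons.append("system binary name outside Windows directory")
        findings.append({"key": key, "name": name, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_REG):
        flag = "SUSPICIOUS" if f["reasons"] else "ok"
        print(f'{flag:10} {f["name"]:10} {f["image"]}  {"; ".join(f["reasons"])}')
```

On a live host the export comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg`; the HKLM Run and RunOnce keys deserve the same pass, since the report only tells you a Run key was written, not which hive.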
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Create or Modify System Process: Windows Service (T1543.003), 1 signature
Privilege Escalation
- Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder (T1547.001), 1 signature
- Create or Modify System Process: Windows Service (T1543.003), 1 signature