General

  • Target

    dea98214ec29b7cd5cb24e695.exe

  • Size

    529KB

  • Sample

    230710-xjx42ach75

  • MD5

    dea98214ec29b7cd5cb24e6957d3122b

  • SHA1

    5e6e7063d689fc58282309aed47a037054a079de

  • SHA256

    55b8a711e22c32e0890552fcd9384eb4c830629379064880ff92127969cb449e

  • SHA512

    d0575b08b156145a7bcf8f348e569ddbcc7f7da7ce5cddffef5f6cde3c1c2c1cf9a80b4e1d45a401bcbcbeda6c7a3be6dcc3ab3cf47bca77dbe54540853afe13

  • SSDEEP

    12288:CbEbfvWaRdnQgaFjvXoIITSjxMd7cfxXgMG7cVC:CbEjvW82giofTCxXl3VC

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes
  • auth_value

    d2386245fe11799b28b4521492a5879d

Targets

    • Target

      dea98214ec29b7cd5cb24e695.exe

    • Size

      529KB

    • MD5

      dea98214ec29b7cd5cb24e6957d3122b

    • SHA1

      5e6e7063d689fc58282309aed47a037054a079de

    • SHA256

      55b8a711e22c32e0890552fcd9384eb4c830629379064880ff92127969cb449e

    • SHA512

      d0575b08b156145a7bcf8f348e569ddbcc7f7da7ce5cddffef5f6cde3c1c2c1cf9a80b4e1d45a401bcbcbeda6c7a3be6dcc3ab3cf47bca77dbe54540853afe13

    • SSDEEP

      12288:CbEbfvWaRdnQgaFjvXoIITSjxMd7cfxXgMG7cVC:CbEjvW82giofTCxXl3VC

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
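
Two of the behaviours listed above leave registry evidence on the host: "Adds Run key to start application" (persistence under a `...\CurrentVersion\Run` key) and "Modifies Windows Defender Real-time Protection settings", which Healer implements by writing the Defender policy values. The script below is an added example, not part of the report or of the sandbox. It parses a `reg export`-style dump and reports both artefacts. The dump is constructed: the Run value names and the dropped-file path are invented, since the report does not say which key name or path this sample used; only the key locations are the standard Run and Windows Defender policy paths.

```python
"""Hunt for the two registry behaviours flagged above (Run-key persistence and
Defender real-time protection tampering) in a registry export.
Added example, not from the report or the sandbox: the export below is
constructed, the value names and dropped-file path in it are invented, and
only the key paths are the standard Run and Defender policy locations."""
import re
from typing import Dict, List, Tuple

# Constructed REGEDIT-style export (the format `reg export` writes). Value
# names and file paths are invented for the example.
REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinUpdateSvc"="C:\\Users\\victim\\AppData\\Local\\Temp\\IXP000.TMP\\svchosts.exe"
"Teams"="C:\\Users\\victim\\AppData\\Local\\Microsoft\\Teams\\Update.exe --processStart Teams.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001
"""

RegDump = Dict[str, Dict[str, object]]


def _decode_value(raw: str) -> object:
    """dword:XXXXXXXX -> int; "..." -> str with .reg backslash escaping undone.
    Other types (hex:, expand strings) are returned untouched."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    return raw


def parse_reg_export(text: str) -> RegDump:
    """Map each [KEY] section to its "name"=value entries."""
    dump: RegDump = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            dump[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            dump[current][name] = _decode_value(raw)
    return dump


RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Heuristic (assumed): a Run entry launching from a temp or ProgramData
# directory is worth a look; legitimate software rarely persists from there.
TEMP_PATH_RE = re.compile(r"\\(AppData\\Local\\Temp|Temp|ProgramData)\\", re.IGNORECASE)
DEFENDER_KEY_RE = re.compile(r"\\Windows Defender(\\|$)", re.IGNORECASE)


def run_key_entries(dump: RegDump) -> List[Tuple[str, str, str]]:
    """Every (key, value name, command) under a Run or RunOnce key."""
    out = []
    for key, values in dump.items():
        if RUN_KEY_RE.search(key):
            for name, val in values.items():
                out.append((key, name, str(val)))
    return out


def suspicious_run_entries(dump: RegDump) -> List[Tuple[str, str, str]]:
    """Run entries whose command lives under a temp-style directory."""
    return [e for e in run_key_entries(dump) if TEMP_PATH_RE.search(e[2])]


def defender_tampering(dump: RegDump) -> List[Tuple[str, str]]:
    """Defender policy values named Disable* that are set to 1."""
    out = []
    for key, values in dump.items():
        if DEFENDER_KEY_RE.search(key):
            for name, val in values.items():
                if name.lower().startswith("disable") and val == 1:
                    out.append((key, name))
    return out


if __name__ == "__main__":
    reg = parse_reg_export(REG_EXPORT)
    for key, name, cmd in suspicious_run_entries(reg):
        print(f"persistence: {key}\\{name} -> {cmd}")
    for key, name in defender_tampering(reg):
        print(f"defender tampering: {key}\\{name} = 1")
```

Read the Defender findings together with the Run-key finding: a Disable* policy value set to 1 alongside a fresh Run entry from a temp directory is the sequence the report's Healer and RedLine signatures describe, and both artefacts survive a reboot, so they can be collected from a live host or an offline hive long after the dropper has exited.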

MITRE ATT&CK Enterprise v6

Tasks