Resubmissions

29-10-2024 12:22

241029-pkckqavgnj 10

04-03-2023 06:44

230304-hhhkmadb44 10

General

  • Target

    a63829281858f445f40f3ee2ef0a143673ea61da232882ac442b6422a88f54b6

  • Size

    658KB

  • Sample

    241029-pkckqavgnj

  • MD5

    fb5bbc1bf21e12a65a4c7e1c619c6cdd

  • SHA1

    c402b0ca6fb8249b97b53922fd5ad905c7810762

  • SHA256

    a63829281858f445f40f3ee2ef0a143673ea61da232882ac442b6422a88f54b6

  • SHA512

    63ad8b041cdb69979017307b29952803209c18a1429b46dc76c5e25066d65f5d0d46c4e905b467827225cb2ba6f51efc5cdfa126bfc76a22a087b3ba88383e44

  • SSDEEP

    12288:iMruy90uCEeYYvzskk/MeaDS6lIg6BF54ztBn2grAgbSjuSW6Sfu2zcN:EybCDVY1/UDSdK721gPZ6SfZzcN

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosto

  • C2

    hueref.eu:4162

  • Attributes

    • auth_value

      07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
