General

  • Target: 3c5a4fa5efe2852729ce8ae85af06c19f907208a0e100ce1ee5f8f85c90196ce

  • Size: 530KB

  • Sample: 241104-qmy26szkaw

  • MD5: b7d355bcc3831c252ef8c730d31e0534

  • SHA1: ba22c5ea25aee25023cc3517b0db997df0aeacfe

  • SHA256: 3c5a4fa5efe2852729ce8ae85af06c19f907208a0e100ce1ee5f8f85c90196ce

  • SHA512: fb0e5b6631681700b1131de47468df81b52507a8be392c62df2efc8792e19bdf66bdc4a7f21a57732b9223a32bb90491bcdeae55bc054cc17a7c35fe45b6417a

  • SSDEEP: 12288:mMryy90YXlI5N5vVsfsfBE4juJZ2RIXGlEEM8nz:EyY5PVTE2uJZ2RiG2EMw

Malware Config

Extracted

  • Family: redline

  • Botnet: fud

  • C2: 193.233.20.27:4123

  • Attributes

    • auth_value: cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks