General

  • Target

    ac0cad80bf3c1ca11ca64e406000e90e03e15043385daccb6ecaf96bae9e128a

  • Size

    427KB

  • Sample

    241104-qw72fazlcw

  • MD5

    511edb8edb380790285ea2d3657ff2e8

  • SHA1

    952ab49b98341e2a2f073b5de46352e8d29613d9

  • SHA256

    ac0cad80bf3c1ca11ca64e406000e90e03e15043385daccb6ecaf96bae9e128a

  • SHA512

    e694e7d721407b041c32a072f8c9d53fd562f45ac19e59f42d027065422c3c056def04d910a855701001ed4532fd988612ff39fe06636cd251a8fb8b7a536ab1

  • SSDEEP

    6144:VOxIPdsYvdQMRrXO3RvTWLTDgpOhiBjLi3Ss04xSnvG01fl5waL6CHeBCxJPEYlU:VOmVrgLq8s3BFKl5BLtHesEKc

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      65e511cf23bd6cfa2aaacbef01565f56a278c33b9396322c4022b88100c48425.exe

    • Size

      478KB

    • MD5

      f6f59c7a04ebffefb8c26ac7e793830b

    • SHA1

      a3c5e62097ce27b7dbd81bfb130c7a6cb2238c3a

    • SHA256

      65e511cf23bd6cfa2aaacbef01565f56a278c33b9396322c4022b88100c48425

    • SHA512

      aef64a66fa376ae44a328cd996d94051a08a190e2fd62c23c9fc04eb8788b31d01b7a58c5685f7b9cf039e522da57d866056a38a8801947b750db549e5d8aa5d

    • SSDEEP

      6144:K5y+bnr+bp0yN90QEIVoUPyjqMC0o8HVmi9S2WBmkFSp0Vnx8hat9bybsIbar3xG:fMrvy902oUKZC0vS2ex+EmseajxmZ1t

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks