General

  • Target

    7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454

  • Size

    482KB

  • Sample

    241106-r5ddvs1nbw

  • MD5

    5d2d7a90c2e08f57246bb2f9ca212915

  • SHA1

    ee2a2f4677d70312e3320fa42a4030a29cacfe54

  • SHA256

    7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454

  • SHA512

    da872b2a5e9187c6e53b1cb669e9f773261c9d8871be00dd0ad50df2621f8f960cedcf1cbd20cf81f45b1676d4fb360f4fc225f98c5f2615301a0453630078f2

  • SSDEEP

    12288:TMrCy90qJkxUQZHyxsnCKYX/C4czE8HGWrqJp/tuS8:9ygxmGCK06VzE8cp/8S8

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454

    • Size

      482KB

    • MD5

      5d2d7a90c2e08f57246bb2f9ca212915

    • SHA1

      ee2a2f4677d70312e3320fa42a4030a29cacfe54

    • SHA256

      7f4345fcf42af99e3d7632a1c19293625ef73453a2a4a3171e0a14d33ac5a454

    • SHA512

      da872b2a5e9187c6e53b1cb669e9f773261c9d8871be00dd0ad50df2621f8f960cedcf1cbd20cf81f45b1676d4fb360f4fc225f98c5f2615301a0453630078f2

    • SSDEEP

      12288:TMrCy90qJkxUQZHyxsnCKYX/C4czE8HGWrqJp/tuS8:9ygxmGCK06VzE8cp/8S8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks