General

  • Target

    d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051

  • Size

    481KB

  • Sample

    241107-qlebdashpr

  • MD5

    c1c8528258194a9559024028bb28cc53

  • SHA1

    9ac3307463b1376f07338870eb5c35d3e905ec4c

  • SHA256

    d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051

  • SHA512

    562acb8c09ac01fc51a2d62c5c2da8772ae1d734c7f7857c3fed4917ca14d42582f1766387a17c6afcfbf1aef8429fc4be642700717b08199ae5aaf66ebfc275

  • SSDEEP

    6144:K+y+bnr+op0yN90QEAoDyVKoUaFRKP2sD2fl4mPE2ZKkvS6RehA7U3VO5pn3iwVK:qMrQy90W6yVpA2qKh82ZKj6NUQ/m

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e
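The extracted configuration above gives two things a responder can act on immediately: the C2 endpoint (193.233.20.13:4136) and the sample hashes. The following Python is an added example, not part of the sandbox report: it copies those values, scans a handful of constructed Zeek conn.log lines for flows to the C2 (distinguishing an exact host:port hit from a same-host, other-port hit, which is weaker evidence), checks file bytes against the report hashes, and emits a Suricata rule for the endpoint. The log lines and the `sid` value are placeholders.

```python
"""IOC checks derived from the extracted RedLine config on this report.

Added example, not part of the sandbox report: the C2 endpoint, botnet name
and sample hashes are copied from the report; the Zeek conn.log lines and
the Suricata sid are constructed placeholders for illustration.
"""
import hashlib

# Copied from the report's "Malware Config" and "General" sections.
REDLINE_C2 = ("193.233.20.13", 4136)
REDLINE_BOTNET = "fukia"
SAMPLE_HASHES = {
    "md5": "c1c8528258194a9559024028bb28cc53",
    "sha1": "9ac3307463b1376f07338870eb5c35d3e905ec4c",
    "sha256": "d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051",
}

# Minimal Zeek conn.log column set (first seven columns of the default layout).
ZEEK_CONN_FIELDS = ("ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto")

# Constructed log lines: one exact C2 hit, one unrelated TLS flow, one flow to
# the C2 host on a different port.
SAMPLE_CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1730971200.000000\tCabc1\t10.0.0.5\t49812\t193.233.20.13\t4136\ttcp",
    "1730971201.000000\tCabc2\t10.0.0.5\t49813\t142.250.1.1\t443\ttcp",
    "1730971202.000000\tCabc3\t10.0.0.7\t50111\t193.233.20.13\t80\ttcp",
]


def parse_conn_line(line):
    """Parse one tab-separated conn.log record; return None for headers/short lines."""
    if line.startswith("#"):
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) < len(ZEEK_CONN_FIELDS):
        return None
    rec = dict(zip(ZEEK_CONN_FIELDS, parts))
    rec["id.resp_p"] = int(rec["id.resp_p"])
    return rec


def scan_conn_log(lines, c2=REDLINE_C2):
    """Return (uid, match_kind) for flows to the C2 host.

    "exact" = host and port match the extracted config; "host" = same host,
    other port. A host-only hit is weaker evidence and needs confirmation,
    but is worth triage because operators do move ports.
    """
    ip, port = c2
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["id.resp_h"] != ip:
            continue
        hits.append((rec["uid"], "exact" if rec["id.resp_p"] == port else "host"))
    return hits


def hash_matches(data):
    """Names of report hashes that the given file bytes reproduce (empty if none)."""
    computed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return [name for name, digest in computed.items() if SAMPLE_HASHES[name] == digest]


def suricata_rule(c2=REDLINE_C2, botnet=REDLINE_BOTNET, sid=1000001):
    """Build a Suricata-style rule for the C2 endpoint (sid is a placeholder)."""
    ip, port = c2
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"RedLine Stealer C2 (botnet {botnet})"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    print(scan_conn_log(SAMPLE_CONN_LOG))
    print(suricata_rule())
```

Hash matching only catches this exact binary; RedLine builds are repacked frequently, so the network indicator and the behavioural signatures further down are the more durable detections.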

Targets

    • Target

      d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051

    • Size

      481KB

    • MD5

      c1c8528258194a9559024028bb28cc53

    • SHA1

      9ac3307463b1376f07338870eb5c35d3e905ec4c

    • SHA256

      d2ab28d9c4dd71a255425c3a4ce931cc6b9ad99ba208eddaa52004935752d051

    • SHA512

      562acb8c09ac01fc51a2d62c5c2da8772ae1d734c7f7857c3fed4917ca14d42582f1766387a17c6afcfbf1aef8429fc4be642700717b08199ae5aaf66ebfc275

    • SSDEEP

      6144:K+y+bnr+op0yN90QEAoDyVKoUaFRKP2sD2fl4mPE2ZKkvS6RehA7U3VO5pn3iwVK:qMrQy90W6yVpA2qKh82ZKj6NUQ/m

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
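Three of the signatures above (Defender Real-time Protection modification, a Run key for persistence, and execution of a dropped EXE) map directly onto host telemetry. The Python below is an added example, not part of the sandbox report: it runs the corresponding detection logic over constructed Sysmon-style records (event IDs 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet). The registry paths are the standard Defender policy key and the per-user/machine Run keys; the process names, paths and event sequence are made up for illustration.

```python
"""Behavioural detection over constructed Sysmon-style events.

Added example, not part of the sandbox report: maps three of its signatures
(Defender Real-time Protection modification, Run-key persistence, execution
of a dropped EXE) onto rules over Sysmon events. All records below are
constructed; nothing is taken from the sample itself.
"""
from dataclasses import dataclass

# Defender policy subkey; setting its Disable* values to 1 turns the feature off.
DEFENDER_RTP_KEY = "\\policies\\microsoft\\windows defender\\real-time protection\\"
# Autostart locations (matched case-insensitively under HKU or HKLM).
RUN_KEYS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


@dataclass
class Event:
    event_id: int      # Sysmon: 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet
    ts: int            # sequence number standing in for UtcTime
    image: str         # process that generated the event
    target: str        # TargetObject (13), TargetFilename (11) or new Image (1)
    details: str = ""  # Details field for id 13, e.g. "DWORD (0x00000001)"


@dataclass
class Alert:
    rule: str
    ts: int
    image: str
    evidence: str


def detect(events):
    """Return alerts in time order for the three behaviours."""
    alerts = []
    dropped = {}  # lower-cased path -> (writer image, ts) for EXEs written to disk
    for ev in sorted(events, key=lambda e: e.ts):
        tgt = ev.target.lower()
        if ev.event_id == 13:
            if DEFENDER_RTP_KEY in tgt and ev.details.strip().endswith("(0x00000001)"):
                alerts.append(Alert("defender_rtp_disabled", ev.ts, ev.image, ev.target))
            elif any(k in tgt for k in RUN_KEYS):
                alerts.append(Alert("run_key_persistence", ev.ts, ev.image,
                                    f"{ev.target} = {ev.details}"))
        elif ev.event_id == 11 and tgt.endswith(".exe"):
            dropped[tgt] = (ev.image, ev.ts)
        elif ev.event_id == 1 and tgt in dropped:
            writer, wts = dropped[tgt]
            alerts.append(Alert("executes_dropped_exe", ev.ts, writer,
                                f"{ev.target} written at {wts}, started at {ev.ts}"))
    return alerts


# Constructed sequence: a downloader drops and runs a second stage, which
# disables Defender real-time monitoring and registers itself under Run.
# The last two records are benign (value re-enabled; unrelated process start).
_DL = "C:\\Users\\u\\Downloads\\invoice.exe"
_DROP = "C:\\Users\\u\\AppData\\Local\\Temp\\stage2.exe"
SAMPLE_EVENTS = [
    Event(11, 1, _DL, _DROP),
    Event(1, 2, _DL, _DROP),
    Event(13, 3, _DROP,
          "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
          "\\DisableRealtimeMonitoring", "DWORD (0x00000001)"),
    Event(13, 4, _DROP,
          "HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater",
          _DROP),
    Event(13, 5, "C:\\Windows\\System32\\gpupdate.exe",
          "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
          "\\DisableRealtimeMonitoring", "DWORD (0x00000000)"),
    Event(1, 6, "C:\\Windows\\explorer.exe", "C:\\Windows\\System32\\notepad.exe"),
]


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS):
        print(a.ts, a.rule, a.image, a.evidence)
```

The drop-then-execute correlation keys on the written path, so it fires regardless of which process launches the file; in production you would bound the lookback window and suppress known installers that legitimately write and start executables.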

MITRE ATT&CK Enterprise v15

Tasks