General

  • Target

    0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e

  • Size

    726KB

  • Sample

    241107-rve5pstjgt

  • MD5

    4da5580bdb77f1a2c4c48351a51a656a

  • SHA1

    caa9805162e7763cb5a3e971fd185b35965fed25

  • SHA256

    0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e

  • SHA512

    03cdfa1bc249a8d9fe23eecfffc3607a79608a54cc1d094a42ab1c989a9a3636cfe2cf359c13380d486f96b35c4701ec841fe965e362a197e099772f08757b83

  • SSDEEP

    12288:0MrPy90sqy+vwj3ctJK2kwXKRLYUapy39iPpquuVPR7MUR51BB7oBqU7YeALqtY7:7yNf3cj1kwy9j92V6RMQBBEpMLqqu1M

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e

    • Size

      726KB

    • MD5

      4da5580bdb77f1a2c4c48351a51a656a

    • SHA1

      caa9805162e7763cb5a3e971fd185b35965fed25

    • SHA256

      0ae93bb049334481ff358266d3b58aaf3263b65e0e89d0b330caaecd590cbb4e

    • SHA512

      03cdfa1bc249a8d9fe23eecfffc3607a79608a54cc1d094a42ab1c989a9a3636cfe2cf359c13380d486f96b35c4701ec841fe965e362a197e099772f08757b83

    • SSDEEP

      12288:0MrPy90sqy+vwj3ctJK2kwXKRLYUapy39iPpquuVPR7MUR51BB7oBqU7YeALqtY7:7yNf3cj1kwy9j92V6RMQBBEpMLqqu1M

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks