General

  • Target: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e
  • Size: 478KB
  • Sample: 241108-bcxn2atrbk
  • MD5: 43116201ff307876aa503570f711ec88
  • SHA1: f85dd1689fd8ae16e198da253207fe3101ccb95e
  • SHA256: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e
  • SHA512: c9f28e6a6f9c8cb30f48811e32216f2444235eec34ddf8794b8c903cf3d46e861a16670ee1b2c44e93ff63daa75fab54a15054bdab42451eb63afb6752581adc
  • SSDEEP: 6144:Kcy+bnr+Dp0yN90QEjswtOwM4LtTm5K5gBqbb99aB5NtdHF2z/9MC10xdb5EP7fc:wMrry90hNtRqEUqF2dHF7Txdb5S5g6o

Malware Config

Extracted

  • Family: redline
  • Botnet: fukia
  • C2: 193.233.20.13:4136
  • Attributes
    • auth_value: e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e
    • Size: 478KB
    • MD5: 43116201ff307876aa503570f711ec88
    • SHA1: f85dd1689fd8ae16e198da253207fe3101ccb95e
    • SHA256: 0c81cccd207f4ea01d1e26748cea5194cfe789b8239b38b0973030297147e35e
    • SHA512: c9f28e6a6f9c8cb30f48811e32216f2444235eec34ddf8794b8c903cf3d46e861a16670ee1b2c44e93ff63daa75fab54a15054bdab42451eb63afb6752581adc
    • SSDEEP: 6144:Kcy+bnr+Dp0yN90QEjswtOwM4LtTm5K5gBqbb99aB5NtdHF2z/9MC10xdb5EP7fc:wMrry90hNtRqEUqF2dHF7Txdb5S5g6o

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15