General

  • Target

    73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

  • Size

    478KB

  • Sample

    241108-d2zk2axjhn

  • MD5

    ced1a57877645ae90216b2a3587970b9

  • SHA1

    f7e9977d9af08e71f2cd02673a89296918b4f82c

  • SHA256

    73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

  • SHA512

    9d45d2cfa816d13c81e23bc6b9c29a51c4aaf4bbcf004b1ab6e487f6421b5cbdab1e1d3a8e631c0c804d18a8d4323b25f57333c401a223858f621b3f3843595c

  • SSDEEP

    6144:KXy+bnr+Yp0yN90QEqmb1wKIm4dv3HPeqtzEXFbuBiIsD65Pktm02U/5TkOjyTI:RMrYy90AqBIn1SFm5Zxkth2Ux3h

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

    • Size

      478KB

    • MD5

      ced1a57877645ae90216b2a3587970b9

    • SHA1

      f7e9977d9af08e71f2cd02673a89296918b4f82c

    • SHA256

      73ffd9c3176f4715c79e4569573077b3bb473054adbe679068d87cfbf452f148

    • SHA512

      9d45d2cfa816d13c81e23bc6b9c29a51c4aaf4bbcf004b1ab6e487f6421b5cbdab1e1d3a8e631c0c804d18a8d4323b25f57333c401a223858f621b3f3843595c

    • SSDEEP

      6144:KXy+bnr+Yp0yN90QEqmb1wKIm4dv3HPeqtzEXFbuBiIsD65Pktm02U/5TkOjyTI:RMrYy90AqBIn1SFm5Zxkth2Ux3h

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
