General

  • Target

    5f998774da52f7aa5450af9182d4501968c020d75857e0badf3c1118aa7215c4

  • Size

    483KB

  • Sample

    241108-e9tkeswblg

  • MD5

    5824e8e459a282d9a943546c96ac83cc

  • SHA1

    c0cdea214a3fc6813b5c6afd43f33e962f0d9039

  • SHA256

    5f998774da52f7aa5450af9182d4501968c020d75857e0badf3c1118aa7215c4

  • SHA512

    939c0dbe792ee7000ec7d56d8d180ee5d8b2b1669ff28dca8fafa4a6ff1842891efd678c55c224fd664cea5da75d95db76f56509b91f66102c315635cfc7df43

  • SSDEEP

    12288:wMrjKy90CSo6aU0yq7IgQGuExT1uOVMZuzBsAe9Y:DKyfj6nq1Ew1u7Zuz8S

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
