General

  • Target

    5f998774da52f7aa5450af9182d4501968c020d75857e0badf3c1118aa7215c4

  • Size

    483KB

  • Sample

    241108-e9tkeswblg

  • MD5

    5824e8e459a282d9a943546c96ac83cc

  • SHA1

    c0cdea214a3fc6813b5c6afd43f33e962f0d9039

  • SHA256

    5f998774da52f7aa5450af9182d4501968c020d75857e0badf3c1118aa7215c4

  • SHA512

    939c0dbe792ee7000ec7d56d8d180ee5d8b2b1669ff28dca8fafa4a6ff1842891efd678c55c224fd664cea5da75d95db76f56509b91f66102c315635cfc7df43

  • SSDEEP

    12288:wMrjKy90CSo6aU0yq7IgQGuExT1uOVMZuzBsAe9Y:DKyfj6nq1Ew1u7Zuz8S

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fukia

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks