General

  • Target

    d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9

  • Size

    202KB

  • Sample

    241108-fcxq9avmg1

  • MD5

    e4550062c9c688e3e3a3df2e73243a27

  • SHA1

    345b6ce0ed11ef4e6671c0637689a444edb861dd

  • SHA256

    d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9

  • SHA512

    3113349f85eb546b6ff719d0dbb6efb26f6b76d5b300acda0762ecf9296f6174e76c484fe99bd47d64a96335f07bb86ce0ea1c916216ec5fce6df7d630ee2644

  • SSDEEP

    3072:Kjy+bnr+O185GWp1icKAArDZz4N9GhbkrNEk60fA7jkFF9j5dBKOalY1:Kjy+bnr+np0yN90QE6fAHsF3B

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e
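The Extracted block above is the most actionable part of this report: a RedLine family tag, a botnet/campaign name, a C2 endpoint, and the auth_value the stealer presents to its panel. The following is an added example, not code from the report or from any sandbox vendor: it parses a copy of that block into a structured record, validates the C2 endpoint, turns it into a Suricata rule for hunting, and checks a local file against the digests listed under General. The Suricata rule text, the sid, and the `EXTRACTED_BLOCK` string (constructed here from the page's own values) are assumptions for illustration.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field

# Constructed inline copy of this report's "Extracted" block (values as listed on the page).
EXTRACTED_BLOCK = """
Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e
"""

# Digests listed under "General" on this page; used to confirm a local file is this sample.
REPORT_HASHES = {
    "md5": "e4550062c9c688e3e3a3df2e73243a27",
    "sha1": "345b6ce0ed11ef4e6671c0637689a444edb861dd",
    "sha256": "d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9",
}

SECTION_KEYS = {"Family", "Botnet", "C2", "Attributes"}


@dataclass
class ExtractedConfig:
    family: str = ""
    botnet: str = ""
    c2: list = field(default_factory=list)        # (host, port) tuples
    attributes: dict = field(default_factory=dict)


def parse_endpoint(s):
    """Split 'host:port', rejecting ports outside 1-65535; host may be an IP or a hostname."""
    host, sep, port = s.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"malformed C2 endpoint: {s!r}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        if not host or any(ch in host for ch in " /\\"):
            raise ValueError(f"malformed C2 host: {host!r}")
    return host, int(port)


def parse_extracted(text):
    """Parse the report's Family / Botnet / C2 / Attributes layout into an ExtractedConfig."""
    cfg = ExtractedConfig()
    section = None
    pending_attr = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_KEYS:
            section = line
            continue
        if section == "Family":
            cfg.family = line.lower()
        elif section == "Botnet":
            cfg.botnet = line
        elif section == "C2":                      # reports may list several C2 lines
            cfg.c2.append(parse_endpoint(line))
        elif section == "Attributes":
            if line.startswith("•"):               # bullet names the attribute
                pending_attr = line.lstrip("• ").strip()
            elif pending_attr:                     # next non-empty line is its value
                cfg.attributes[pending_attr] = line
                pending_attr = None
    return cfg


def suricata_rule(host, port, sid):
    """Hypothetical flow-to-C2 rule built from the extracted endpoint; tune before deploying."""
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"RedLine C2 traffic to {host}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


def digests(data):
    """Compute the same digest set the report lists for a byte string."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data, expected):
    """Return the names of expected digests that do NOT match the data (empty list = match)."""
    actual = digests(data)
    return sorted(name for name, h in expected.items() if actual.get(name) != h.lower())


if __name__ == "__main__":
    cfg = parse_extracted(EXTRACTED_BLOCK)
    print(cfg)
    for host, port in cfg.c2:
        print(suricata_rule(host, port, 1000001))
```

To confirm a file on disk is the sample this page describes, read it as bytes and call `verify_sample(data, REPORT_HASHES)`; an empty list means every listed digest matched. SSDEEP is deliberately left out because it needs the external `ssdeep` library and is a similarity score, not an identity check.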

Targets

    • Target

      d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
