General

  • Target

    d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9

  • Size

    202KB

  • Sample

    241108-fcxq9avmg1

  • MD5

    e4550062c9c688e3e3a3df2e73243a27

  • SHA1

    345b6ce0ed11ef4e6671c0637689a444edb861dd

  • SHA256

    d742e4b4d67496dab55b7c7bc06eee3d57c793d1c783f4a67fcca367094802e9

  • SHA512

    3113349f85eb546b6ff719d0dbb6efb26f6b76d5b300acda0762ecf9296f6174e76c484fe99bd47d64a96335f07bb86ce0ea1c916216ec5fce6df7d630ee2644

  • SSDEEP

    3072:Kjy+bnr+O185GWp1icKAArDZz4N9GhbkrNEk60fA7jkFF9j5dBKOalY1:Kjy+bnr+np0yN90QE6fAHsF3B

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
