General

  • Target

    01eceb13b183fe1392f1fd80e4ccca88e5eb638939f035e59355cab00189c215

  • Size

    483KB

  • Sample

    241108-jpdqpaydng

  • MD5

    538805f63bc42c686fa60f64e25e72d0

  • SHA1

    6923f881b607f3ad04723ea0b0bff7ac7b92b159

  • SHA256

    01eceb13b183fe1392f1fd80e4ccca88e5eb638939f035e59355cab00189c215

  • SHA512

    c8cebe11c3bda3a30c078bb35ec5a70d859870a9a7336556eeac142ca2140a92b699e8c9e51bcf614bf3c5af6e7c5b2eddec83f98101e3003cd5b9c0dce838e3

  • SSDEEP

    12288:pMrCy90O0RPdY/WVy9ydiJOVxL023gW4wsj0ve3sj:Ty10RPu+VwSiJWLXZ4KG8j

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks