General

  • Target

    92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005

  • Size

    724KB

  • Sample

    241108-krddda1rfj

  • MD5

    f44e1ea4817e82e773277470fd6f65db

  • SHA1

    6b061fba83d0a38406cecc460d77b0a9b7fd8712

  • SHA256

    92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005

  • SHA512

    c63d1274a1703d22ede163eb6e969d26839dd3d0af49d7f899c4ebe4dbf288b64d2f5d17ccde4bb2449768b0a0e408f68316e2d50642b07724c077a6895f64ce

  • SSDEEP

    12288:SMrEy90IU3YBib4rjqkkR7crrX4gr/xxncA1K9A+gPiZ1urIVCF6v:CykYhSlOXhr/Dnc2K6jS1hVCFI

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005

    • Size

      724KB

    • MD5

      f44e1ea4817e82e773277470fd6f65db

    • SHA1

      6b061fba83d0a38406cecc460d77b0a9b7fd8712

    • SHA256

      92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005

    • SHA512

      c63d1274a1703d22ede163eb6e969d26839dd3d0af49d7f899c4ebe4dbf288b64d2f5d17ccde4bb2449768b0a0e408f68316e2d50642b07724c077a6895f64ce

    • SSDEEP

      12288:SMrEy90IU3YBib4rjqkkR7crrX4gr/xxncA1K9A+gPiZ1urIVCF6v:CykYhSlOXhr/Dnc2K6jS1hVCFI

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
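To turn the extracted configuration (the RedLine C2 at 193.233.20.13:4136) and the behaviour signatures above (known-hash execution, Windows Defender real-time protection modification, Run key persistence) into something a responder can run over endpoint telemetry, here is an added hunting example. It is not part of the sandbox report or of any tool the report names: the hashes and C2 come from the report, but the telemetry records, their field names and the file paths in them are constructed for illustration, and the set of Defender "Real-Time Protection" policy values checked is an assumption about what the "Modifies Windows Defender Real-time Protection settings" signature covers (the value names themselves are real Defender policy values).

```python
"""Hunt for the indicators and behaviours in the sandbox report above.

Added example, not part of the report. Indicators are copied from the
report; the telemetry records and their schema are constructed here.
"""
import re

# Indicators taken from the report above.
IOC_SHA256 = {"92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005"}
IOC_MD5 = {"f44e1ea4817e82e773277470fd6f65db"}
IOC_C2 = {("193.233.20.13", 4136)}

# Defender policy key; setting any of these values to 1 turns off a piece
# of real-time protection. Which of them the sandbox signature keys on is
# an assumption; the value names are genuine Defender policy values.
DEFENDER_RTP_KEY = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
)
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}

# Autostart keys covered by "Adds Run key to start application".
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU)\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)


def hunt(records):
    """Return one finding string per telemetry record that matches an indicator.

    Each record is a dict with an "event" field of "process", "network" or
    "registry" plus the fields used below (constructed schema, not Sysmon/EDR).
    """
    findings = []
    for r in records:
        kind = r["event"]
        if kind == "process":
            if (r.get("sha256", "").lower() in IOC_SHA256
                    or r.get("md5", "").lower() in IOC_MD5):
                findings.append(f"known sample hash executed: {r['image']}")
        elif kind == "network":
            if (r["dst_ip"], int(r["dst_port"])) in IOC_C2:
                findings.append(
                    f"connection to RedLine C2 {r['dst_ip']}:{r['dst_port']} "
                    f"from {r['image']}")
        elif kind == "registry":
            key, name, data = r["key"], r["value"], r["data"]
            if (key.lower() == DEFENDER_RTP_KEY.lower()
                    and name in DEFENDER_DISABLE_VALUES and str(data) == "1"):
                findings.append(
                    f"Defender real-time protection disabled via {name} "
                    f"by {r['image']}")
            elif RUN_KEY_RE.match(key):
                findings.append(
                    f"Run key persistence: {name} -> {data} by {r['image']}")
    return findings


# Constructed telemetry: four records that should fire, two benign ones.
DROPPER = r"C:\Users\user\AppData\Local\Temp\dropped1.exe"   # placeholder path
TELEMETRY = [
    {"event": "process", "image": DROPPER,
     "sha256": "92f2db74da95791ef892f321151fe8f2c7f0f71f3d2b9abc8a546272e82d4005",
     "md5": "f44e1ea4817e82e773277470fd6f65db"},
    {"event": "registry", "image": DROPPER, "key": DEFENDER_RTP_KEY,
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"event": "registry", "image": DROPPER,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\user\AppData\Roaming\svc.exe"},
    {"event": "network", "image": DROPPER,
     "dst_ip": "193.233.20.13", "dst_port": 4136},
    # Benign: documentation-range address, not in the C2 set.
    {"event": "network", "image": r"C:\Program Files\Browser\browser.exe",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    # Benign: a registry write outside both watched locations.
    {"event": "registry", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShellState", "data": 0},
]

if __name__ == "__main__":
    for finding in hunt(TELEMETRY):
        print(finding)
```

The hash and C2 matches are exact-match indicators that age quickly (a rebuilt sample or a moved C2 will not match); the registry checks are the durable part, since Healer-style droppers have to write to the Defender policy key to disable real-time protection, and a Run key write from a binary in a user-writable directory is worth an alert regardless of which stealer it loads.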

MITRE ATT&CK Enterprise v15

Tasks