General

  • Target

    ffa3930882be59ebebcaec245ff57f1913876d34b21764460b0f11b8ee45127f

  • Size

    500KB

  • Sample

    241108-xwat9sxje1

  • MD5

    bd15cfa6f9db4c32dd99cb7d33f1b861

  • SHA1

    3e7db0a3c70d4c8681c92adbdbd81219c6a5926a

  • SHA256

    ffa3930882be59ebebcaec245ff57f1913876d34b21764460b0f11b8ee45127f

  • SHA512

    86922e87cd4fa8e2fd887047af46066e25f8c4974985009c634be975e9bf4a0affd86312e20aeb3124becb79cf70765291de1bdb132fb3507e2852414c67bb30

  • SSDEEP

    6144:K5y+bnr+/p0yN90QEOEhSk7H7f2aQLMAvkhuUD24TyJeEvKJqMSNsUsQbxYwAmoJ:7Mr/y90sEhSif2lSDzTmvKyNsUY/1J

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e
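
The extracted config above is only useful once it is turned into checks. The Python below is an added example and is not part of the sandbox report: it takes the file hashes and the C2 endpoint listed on this page, verifies whether a file on disk is this exact sample (all three digests must agree), and scans connection log lines for the C2. The log lines are constructed for the example, and the `src=`/`dst=` field layout is an assumption about the log source; the botnet `auth_value` is kept only as a string to pivot on in other reports, nothing on the wire is matched against it.

```python
import hashlib
import re

# Indicators copied from the report: extracted RedLine C2 and the sample's digests.
C2_HOST, C2_PORT = "193.233.20.13", 4136
AUTH_VALUE = "e5783636fbd9e4f0cf9a017bce02e67e"   # pivot string only
SAMPLE_HASHES = {
    "md5": "bd15cfa6f9db4c32dd99cb7d33f1b861",
    "sha1": "3e7db0a3c70d4c8681c92adbdbd81219c6a5926a",
    "sha256": "ffa3930882be59ebebcaec245ff57f1913876d34b21764460b0f11b8ee45127f",
}


def file_hashes(data: bytes) -> dict:
    """Hex digests of a byte string with the same algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_sample(data: bytes) -> bool:
    """True only when every listed digest matches; one mismatch means a different file."""
    return file_hashes(data) == SAMPLE_HASHES


# Constructed connection log lines (not from the report); layout is an assumption.
LOG_LINES = [
    "2024-11-08T12:01:03Z src=10.0.0.21:51234 dst=193.233.20.13:4136 proto=tcp bytes=8120",
    "2024-11-08T12:01:05Z src=10.0.0.21:51240 dst=93.184.216.34:443 proto=tcp bytes=2200",
    "2024-11-08T12:02:10Z src=10.0.0.33:49877 dst=193.233.20.13:80 proto=tcp bytes=300",
]

_DST = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def c2_hits(lines, host=C2_HOST, port=C2_PORT):
    """Split lines into exact C2 host:port matches and same-host/other-port matches.

    The second bucket exists because operators move ports; an analyst should look
    at it rather than have it silently dropped or silently counted as confirmed.
    """
    exact, same_host = [], []
    for line in lines:
        m = _DST.search(line)
        if not m or m["ip"] != host:
            continue
        (exact if int(m["port"]) == port else same_host).append(line)
    return exact, same_host


if __name__ == "__main__":
    exact, same_host = c2_hits(LOG_LINES)
    print("exact C2 hits:", len(exact), "same host, other port:", len(same_host))
    print("is the sample:", matches_sample(b"not the sample"))
```

Run it against a real export by replacing `LOG_LINES` with the file's lines; the hash check reads the whole file into memory, which is fine for a 500KB sample.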

Targets

    • Target

      ffa3930882be59ebebcaec245ff57f1913876d34b21764460b0f11b8ee45127f

    • Size

      500KB

    • MD5

      bd15cfa6f9db4c32dd99cb7d33f1b861

    • SHA1

      3e7db0a3c70d4c8681c92adbdbd81219c6a5926a

    • SHA256

      ffa3930882be59ebebcaec245ff57f1913876d34b21764460b0f11b8ee45127f

    • SHA512

      86922e87cd4fa8e2fd887047af46066e25f8c4974985009c634be975e9bf4a0affd86312e20aeb3124becb79cf70765291de1bdb132fb3507e2852414c67bb30

    • SSDEEP

      6144:K5y+bnr+/p0yN90QEOEhSk7H7f2aQLMAvkhuUD24TyJeEvKJqMSNsUsQbxYwAmoJ:7Mr/y90sEhSif2lSDzTmvKyNsUY/1J

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
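
Two of the signatures above, the Windows Defender Real-time Protection modification and the Run key persistence, leave registry writes that an endpoint sensor records. The Python below is an added example, not the sandbox's own detection logic: it runs a simple triage over Sysmon-style registry value-set events (Event ID 13, with Sysmon's `Image`, `TargetObject` and `Details` field names) and flags a nonzero `Disable*` value written under a `Windows Defender\Real-Time Protection` key, and a Run key entry that points to, or is written by, a binary in a user-writable location. The events, paths and process names are constructed for the example; the report does not state which registry values this sample wrote.

```python
import re

# Constructed Sysmon-style registry events (Event ID 13), not taken from the report.
EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\payload.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\payload",
     "Details": r"C:\Users\bob\AppData\Roaming\payload.exe"},
    # Benign: a system binary registering a system-path Run entry.
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    # Benign: Defender itself writing a zero (protection stays enabled).
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Locations an unprivileged user can write to; a launcher here is the droppers' usual home.
USER_WRITABLE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Users\\Public|ProgramData|Windows\\Temp)\\", re.I)
DWORD = re.compile(r"DWORD \(0x([0-9A-Fa-f]+)\)")


def classify(event):
    """Return a triage label for one registry value-set event, or None if it looks benign."""
    if event.get("EventID") != 13:
        return None
    target = event["TargetObject"]
    details = event.get("Details", "")
    image = event.get("Image", "")
    if DEFENDER_RTP.search(target):
        m = DWORD.search(details)
        # A nonzero Disable* value under Real-Time Protection switches that protection off.
        if m and int(m.group(1), 16) != 0:
            return "defender_realtime_protection_tampered"
    if RUN_KEY.search(target) and (USER_WRITABLE.search(details) or USER_WRITABLE.search(image)):
        return "run_key_persistence_from_user_writable_path"
    return None


def triage(events):
    """List (label, writing process, registry value) for every flagged event, in input order."""
    hits = []
    for e in events:
        label = classify(e)
        if label:
            hits.append((label, e["Image"], e["TargetObject"]))
    return hits


if __name__ == "__main__":
    for label, image, target in triage(EVENTS):
        print(f"{label:45} {image}\n{'':45} {target}")
```

The two benign events show why both conditions matter: a Run entry alone is normal, and a Defender write of zero re-enables rather than disables. In a real deployment the `USER_WRITABLE` pattern is the part to tune per environment.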

MITRE ATT&CK Enterprise v15
