General

  • Target

    228f8c2dacec34f6f46e67cffe264568c6fb614b9b071a42de0aa338cd4e6987

  • Size

    483KB

  • Sample

    241108-yabecayame

  • MD5

    756c59b1482522f6965f0c7d319a4daf

  • SHA1

    a997ae2299febb30bc9a34ae905a9a5d26dedb0f

  • SHA256

    228f8c2dacec34f6f46e67cffe264568c6fb614b9b071a42de0aa338cd4e6987

  • SHA512

    55450290d015d706f804f08f904127d5e7ec6457378d805784e918af3f958a018fc03eade51ff1217d8bb1f7a025e4850daf3ce78b95e524d13a64dba289d5d4

  • SSDEEP

    12288:JMr7y90kBQvlLVcJdfAwabCSYZB7gZlB976/:iyT2vFVK2M7gjB97i

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes
  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
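
The indicators above (the sample hashes, the RedLine C2 endpoint, and the Healer/RedLine behaviour signatures) are only useful once they are turned into something that can be run over telemetry. The script below is an added example and is not part of the sandbox report or of either malware family's code: it takes the hashes and C2 from this report as constants, implements the two registry behaviours the report flags (Defender Real-Time Protection policy values set to 1, and a value written under a Run key) as checks, and runs them over constructed log records whose field names loosely follow Sysmon event IDs 1, 3 and 13. The log lines, file paths, SID and benign destination IP are constructed for illustration; the Defender value names are the well-known policy values but the list is not claimed to be complete, and the ATT&CK technique IDs in the signature names are my own mapping, not the report's.

```python
"""Turn the report's IOCs and behaviour signatures into checks over log records.

Added example, not code from the sandbox report. Log lines are constructed;
hashes and C2 come from the report above. Field layout loosely follows Sysmon
(EventID 1 process create, 3 network connect, 13 registry value set) flattened
into key=value records.
"""
import re

# IOCs copied from the report (General / Malware Config sections).
IOC_SHA256 = "228f8c2dacec34f6f46e67cffe264568c6fb614b9b071a42de0aa338cd4e6987"
IOC_MD5 = "756c59b1482522f6965f0c7d319a4daf"
IOC_C2_HOST = "193.233.20.13"
IOC_C2_PORT = 4136

# Defender Real-Time Protection policy key and the well-known value names a
# "Windows security modification" dropper sets to 1 (= disabled). Assumed,
# not exhaustive; the report only says the settings are modified.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
# Any value written under ...\CurrentVersion\Run\<name> (HKLM or a user hive).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)


def parse_record(line):
    """Parse 'k=v k2="quoted v" ...' into a dict; quotes are stripped from values."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def check_record(rec):
    """Return a list of (signature, detail) hits for one parsed record."""
    hits = []
    eid = rec.get("EventID")
    if eid == "1":  # process create: match the dropped EXE by hash
        hashes = rec.get("Hashes", "").upper()
        if IOC_SHA256.upper() in hashes or IOC_MD5.upper() in hashes:
            hits.append(("RedLine payload (hash match)", rec.get("Image", "")))
    elif eid == "3":  # network connect: match the extracted C2 host:port
        if rec.get("DestinationIp") == IOC_C2_HOST and rec.get("DestinationPort") == str(IOC_C2_PORT):
            hits.append(("RedLine C2 (botnet fukia)", f"{IOC_C2_HOST}:{IOC_C2_PORT}"))
    elif eid == "13":  # registry value set: Defender tampering and Run-key persistence
        target = rec.get("TargetObject", "")
        details = rec.get("Details", "")
        key, _, value = target.rpartition("\\")
        if (key.lower() == DEFENDER_RTP_KEY.lower()
                and value in DEFENDER_RTP_VALUES
                and details.endswith("(0x00000001)")):  # Sysmon renders DWORDs this way
            hits.append(("Modifies Windows Defender Real-time Protection settings (T1562.001)", value))
        if RUN_KEY_RE.search(target):
            hits.append(("Adds Run key to start application (T1547.001)", details))
    return hits


def scan(lines):
    """Run every record through the checks; returns (line_no, signature, detail) tuples."""
    findings = []
    for n, line in enumerate(lines, 1):
        for sig, detail in check_record(parse_record(line)):
            findings.append((n, sig, detail))
    return findings


# Constructed sample telemetry (not from the report). Hashes are the report's;
# paths, SID and the benign 443 connection are made up.
SAMPLE_LOGS = [
    'EventID=1 Image="C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe" '
    'Hashes="MD5=756C59B1482522F6965F0C7D319A4DAF,SHA256=228F8C2DACEC34F6F46E67CFFE264568C6FB614B9B071A42DE0AA338CD4E6987"',
    'EventID=13 TargetObject="HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring" Details="DWORD (0x00000001)"',
    'EventID=13 TargetObject="HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" Details="C:\\Users\\u\\AppData\\Roaming\\updater.exe"',
    'EventID=3 DestinationIp=193.233.20.13 DestinationPort=4136 Image="C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe"',
    'EventID=3 DestinationIp=13.107.4.50 DestinationPort=443 Image="C:\\Windows\\System32\\svchost.exe"',
    'EventID=13 TargetObject="HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring" Details="DWORD (0x00000000)"',
]

if __name__ == "__main__":
    for n, sig, detail in scan(SAMPLE_LOGS):
        print(f"line {n}: {sig}: {detail}")
```

Two caveats when using this for real. The Defender policy values can also be set legitimately (for example by a GPO when a third-party AV is in use), so the registry hit should be correlated with the process that wrote it rather than alerted on alone; and the C2 address is a point-in-time observation from one sandbox run, so treat the hash-based and behaviour-based checks as the durable part and the IP as a short-lived indicator.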
