General

  • Target

    588ce8eac00efa91f56fcc8187aaae9168edde5b6189666caa9fb1cbc2f1f50e

  • Size

    477KB

  • Sample

    241109-17av7atdma

  • MD5

    70a07a89c3f372bff95e5c065a200844

  • SHA1

    effe6284520bdb76fd69f64c5ede49e06e2f81ca

  • SHA256

    588ce8eac00efa91f56fcc8187aaae9168edde5b6189666caa9fb1cbc2f1f50e

  • SHA512

    891bcbb0deab0f648e413a3fd5964e92d504e7f6faaa73def81901ac0430d47cbc65e4b326b798399f9a8a7a322a74b267fe86e01bb5e6e3e67cc8ed098e45a5

  • SSDEEP

    6144:K3y+bnr+9p0yN90QE5YMvvVUIq/GM1zElJMtJ9IquAtNxb0K48lVBhgXb5Cv:RMrJy90/vvVmGM1YJMvGtU4iwYv

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks