General

  • Target

    9725b5be1cbbb2872551a8196d9fefb7114ab09aba1b3489699169599e0fe986N

  • Size

    526KB

  • Sample

    241109-1jb4cawjbp

  • MD5

    79d3b94f449e95085cfb4c960ca5a990

  • SHA1

    4cfc74126f0a85e647e244cb5da3f2292c7f1e4d

  • SHA256

    9725b5be1cbbb2872551a8196d9fefb7114ab09aba1b3489699169599e0fe986

  • SHA512

    617a0b87996ad3371b53770aa3340e0a505c6a007e66d8b47acfa05370b36ab041303e2f3593523d25c04aa84f229e4ac6f95ce0b7d20e47904df00c31e65a39

  • SSDEEP

    12288:1Mrwy90TkTC8G7SVGoYG4NGH17EVtizd6BrhuxjJYm:5ySkTzG2VVPWGHgpexr

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks