General

  • Target: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec
  • Size: 560KB
  • Sample: 241109-ense8szmgj
  • MD5: e6399b2d2c2a4f9962dc96d6d53cbacc
  • SHA1: 2fdaae0921a61fb518c3507fe8a87d82efc253ba
  • SHA256: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec
  • SHA512: 59c75d370641ff33b75fd93a6616451ccd26857eaa3a63f645e52b8a710eb810f4c8ac81403c85f12f6d0ce9a6f6b3995a4433a6e4769b0600e50aa258502acf
  • SSDEEP: 12288:9MrIy90IaNvtBk2nzvzpk6xD7TaD4y9b++G0SA3B8h:Vyl4FBk2zvzpkaD7TaDL9bjHv+

Malware Config

Extracted

  • Family: redline
  • Botnet: fud
  • C2: 193.233.20.27:4123
  • Attributes
    • auth_value: cddc991efd6918ad5321d80dac884b40

Targets

    • Target: bb98692a8b6fd7a529954c68ff02d85a5fe812d395881ad3b77c627e61bb70ec


    • Detects Healer, an antivirus disabler dropper
    • Healer: Healer, an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application
