General

  • Target

    f2953b246770016aa2a16191637e5fd51097ccde4de9dd6c2cf58bef19a6426c

  • Size

    560KB

  • Sample

    241109-f2yd3s1ndq

  • MD5

    76ea57f8d82b49ac7dc178752e4921da

  • SHA1

    198f2db7d418853dead17a8c812745511b8f2f6f

  • SHA256

    f2953b246770016aa2a16191637e5fd51097ccde4de9dd6c2cf58bef19a6426c

  • SHA512

    fe225a7cf205279177617afb0b01ebce5396738387f551dad85ec820b16d1a8e3628a83500248dcda487d1e62744773e4d24f8ea25b893eea4646f6c9d7696cd

  • SSDEEP

    12288:uMrOy90PJX52Hihd0B8n/ZPdY9+erqD2HhBK8h8LP817PCkN:cycJthd0OnRPdXernbDh80XN

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks