General

  • Target

    fa5c7259b3dcb9c5ac2180132c055d52255bbd67672fac459dbf3f92804c2917

  • Size

    556KB

  • Sample

    241109-f317cs1ngm

  • MD5

    7a41ab8dcd00900cafc56a9b25d0883d

  • SHA1

    20279bf2e586af3da18ea7450f6327078d42b49b

  • SHA256

    fa5c7259b3dcb9c5ac2180132c055d52255bbd67672fac459dbf3f92804c2917

  • SHA512

    281ca3031a8de8d23d500582e46102a4828a3f8d360ea8cfd5ce7140fa9c0607089bd428110be7ce8eadc0b3516df72203a9baefa9e10276587ef1701f39b066

  • SSDEEP

    12288:7Mr1y90YTFYp0cJ5Qi7yQ7Pfpk+G4G21UGE2:qy12p0cJ5JyQ7H1G4GWUGD

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks