General

  • Target

    6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2

  • Size

    386KB

  • Sample

    241109-fwnyfsycka

  • MD5

    60839aa0c298a290a2255e27f745b63a

  • SHA1

    aacfb0f3ee4132fa961af872a01f2cc0fbd7086b

  • SHA256

    6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2

  • SHA512

    8f9f59f203b6a0420c06a80953c3e2b31292e95ceee55467bdd81c7cb8cb6cd18ee40c579baa80c415ed7e0e01fdbaf7b2bb05f0269f2e8ab33cb04e4d843a8b

  • SSDEEP

    6144:K/y+bnr+Np0yN90QElYJF0rvl+rDXKFVB2b1I5lWf8b27LKm19NV3dO/ko9U3dC:JMrBy90UE+HKpC1KWkb2/D3dO8o9U3I

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2

    • Size

      386KB

    • MD5

      60839aa0c298a290a2255e27f745b63a

    • SHA1

      aacfb0f3ee4132fa961af872a01f2cc0fbd7086b

    • SHA256

      6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2

    • SHA512

      8f9f59f203b6a0420c06a80953c3e2b31292e95ceee55467bdd81c7cb8cb6cd18ee40c579baa80c415ed7e0e01fdbaf7b2bb05f0269f2e8ab33cb04e4d843a8b

    • SSDEEP

      6144:K/y+bnr+Np0yN90QElYJF0rvl+rDXKFVB2b1I5lWf8b27LKm19NV3dO/ko9U3dC:JMrBy90UE+HKpC1KWkb2/D3dO8o9U3I

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
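The extracted config (C2 193.233.20.27:4123) and the file hashes above are the indicators a responder would actually pivot on. The following is an added example, not code from the sandbox report or from any RedLine tooling: it hashes a file with the same three algorithms the report lists and compares them to the reported values, and it scans connection-log lines for the C2 endpoint, distinguishing an exact ip:port hit from a hit on the C2 host alone (a stealer operator can move the listener to another port while keeping the host). The log line format and the sample log lines are constructed for this example; adapt the regex to your own proxy or firewall export.

```python
import hashlib
import re
from pathlib import Path

# Indicators copied from the report above.
REPORTED_HASHES = {
    "md5": "60839aa0c298a290a2255e27f745b63a",
    "sha1": "aacfb0f3ee4132fa961af872a01f2cc0fbd7086b",
    "sha256": "6cb15dc1c6f00c26c2279a30051ee9ade1c4c2aa2ab6075db5808a5d5604ede2",
}
C2_HOST = "193.233.20.27"
C2_PORT = 4123


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Stream a file through all three hashers so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(observed: dict, reported: dict = REPORTED_HASHES) -> set:
    """Return the set of algorithms on which observed and reported digests agree (case-insensitive)."""
    return {
        algo
        for algo, digest in reported.items()
        if algo in observed and observed[algo].lower() == digest.lower()
    }


# Assumed log layout: "<date> <time> <src>:<sport> -> <dst>:<dport> <proto>".
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def find_c2_connections(lines, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Return one dict per log line that reached the C2 host.

    match == "c2"      : exact host and port from the extracted config
    match == "c2-host" : same host, different port (worth a look, lower confidence)
    Lines that do not parse are skipped rather than raising.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["dst"] != host:
            continue
        dport = int(m["dport"])
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "dst": f'{m["dst"]}:{dport}',
            "match": "c2" if dport == port else "c2-host",
        })
    return hits


# Constructed sample log lines (not real traffic from the report).
SAMPLE_LOG = """\
2024-11-09 14:02:11 10.0.0.15:51234 -> 193.233.20.27:4123 TCP
2024-11-09 14:02:12 10.0.0.15:51235 -> 142.250.74.78:443 TCP
2024-11-09 14:03:40 10.0.0.22:49812 -> 193.233.20.27:4123 TCP
2024-11-09 14:05:03 10.0.0.22:49901 -> 193.233.20.27:80 TCP
2024-11-09 14:06:00 garbage line that does not parse
"""


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG.splitlines()):
        print(hit)
    # Example of checking a suspect file on disk against the reported digests:
    # print(compare_hashes(hash_file("suspect.exe")))
```

Matching on all three digests is deliberate: a single MD5 or SHA1 hit is enough to block, but agreement on SHA256 as well rules out a collision-based false positive, and a mismatch on one algorithm with a match on another indicates a transcription error in the indicator feed rather than a different file.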

MITRE ATT&CK Enterprise v15

Tasks