General

  • Target

    f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f

  • Size

    562KB

  • Sample

    241109-gywlrazamp

  • MD5

    d6f47dc7945480708da2fdf5154c1ad6

  • SHA1

    68e6f8108e88dd874dc8862da1146a8ddbae2ff3

  • SHA256

    f87af8872677c19bddc88ce0752b966ab156c47c5b4d27857cdfc04a83b5fa7f

  • SHA512

    77cf8f611e83a07778b9a8f7354d3e4b05870cdd7a246bc7f850540cb04083263e95d29e01d7a1e96fcc942f21c1e2f2276dd5bfa6e8581624afdead7412d8fb

  • SSDEEP

    12288:gMMrTy907DgHvNfWYK0xssmQH1aBVl11B:g/yODgHvNfWYK0BXs3

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks