General

  • Target

    f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08

  • Size

    500KB

  • Sample

    241109-qas1dsvdrq

  • MD5

    6dfdffd81609483c364add6c0de301d4

  • SHA1

    19e2a370b503c213d1d06e630d506f13581f5dda

  • SHA256

    f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08

  • SHA512

    56325014063f368425b2e64f9bd42f428afd77be4e54a7dc0ef5668375a09f266f347e24e63b21435cf7280244ea46f4b90cc06c57a010d2e6fe0e1a225c2030

  • SSDEEP

    12288:JMrBy90TiUbBxIE9X7iazS8G/SzC6EVLEOq:EyEBxjXGYSL6EB8

Malware Config

Extracted

Family

redline

Botnet

fukia

C2

193.233.20.13:4136

Attributes

  • auth_value

    e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08

    • Size

      500KB

    • MD5

      6dfdffd81609483c364add6c0de301d4

    • SHA1

      19e2a370b503c213d1d06e630d506f13581f5dda

    • SHA256

      f2bcfa0a8bf16a6f57a298c98a30b5f05e93a9d12f8c5f2e00283653ab438c08

    • SHA512

      56325014063f368425b2e64f9bd42f428afd77be4e54a7dc0ef5668375a09f266f347e24e63b21435cf7280244ea46f4b90cc06c57a010d2e6fe0e1a225c2030

    • SSDEEP

      12288:JMrBy90TiUbBxIE9X7iazS8G/SzC6EVLEOq:EyEBxjXGYSL6EB8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
