General

  • Target

    e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765

  • Size

    476KB

  • Sample

    241109-tx3pwsxgpg

  • MD5

    af95cc724192774c2d2adf95edc3e8b0

  • SHA1

    448cc9496cb6da63a5462c72c9f575ba2786acc9

  • SHA256

    e8b926f9f25aa05c50907d0b8f5bc6248aa607360e9fc11f082fe50054103765

  • SHA512

    84cb0c8b7d06a8f5cd5de9ac50e8343df92d5d4c6bd6dd562271ef82e63e601c0225b8fad3b41fab37f91b22e14804d651a251529ae35ffc875054ea64ea9136

  • SSDEEP

    12288:9Mr4y90JEtLP4BVJVcZUJ3NGwqP+ZuGuDnFu+Q:NyOSLg3BGGupQ

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks