General

  • Target

    fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261

  • Size

    477KB

  • Sample

    241109-v1vn5ayfqj

  • MD5

    9ca464b7586f1566d4b46cf4b6be03ed

  • SHA1

    8b26d171bba661edbc96afb20de6dc8c113d705e

  • SHA256

    fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261

  • SHA512

    57cf1974c8198987320e626be179c7e2f7e72bf909883cfaad20493255d9f410291dc4d7ea328a72bfb5794c3a604dea3238f0e1ca7c2d31f0281f757e25da76

  • SSDEEP

    12288:pMrSy90YC08RUoUxyJiCyM1QrBypPd7EcNJExGd9Ldn6XmRnrWZ:jyzBxy4kDn7EcH4Y9HnrI

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697
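The extracted configuration and the file hashes above are the indicators a responder would hunt with. The following Python script is an added example and is not part of the sandbox report: it copies the report's hashes and C2 endpoint, then (1) hashes a file or byte string with the same four algorithms and reports which report hashes match, (2) pulls connections to 193.233.20.12:4132 out of key=value proxy lines, and (3) flags registry writes under the Windows Defender real-time protection policy key and the Run keys, which correspond to the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" behaviours listed below. The sample bytes, log lines and registry events are constructed for the demo; the registry paths are the standard locations and are an assumption, since the report does not name the exact values the sample touched.

```python
"""Triage helpers for the indicators in this RedLine report.

Added example, not part of the sandbox report. The hashes and the C2
endpoint are copied from the report. The sample bytes, the proxy log
lines and the registry events below are constructed for the demo.
"""
import hashlib
import re

# File hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "9ca464b7586f1566d4b46cf4b6be03ed",
    "sha1": "8b26d171bba661edbc96afb20de6dc8c113d705e",
    "sha256": "fa195c83a54502550f8d47dc563e0c97cb328c86d4270e601a0c6304386b3261",
    "sha512": "57cf1974c8198987320e626be179c7e2f7e72bf909883cfaad20493255d9f410"
              "291dc4d7ea328a72bfb5794c3a604dea3238f0e1ca7c2d31f0281f757e25da76",
}
# C2 copied from the report's Malware Config section.
C2_HOST, C2_PORT = "193.233.20.12", 4132


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Same as hash_bytes, but streams the file so large samples fit in memory."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matching_algorithms(digests: dict) -> list:
    """Names of the report hashes that a digest set matches (normally all or none)."""
    return [alg for alg, val in digests.items() if val == REPORT_HASHES[alg]]


# Constructed proxy/firewall lines use a key=value style; only dst= is needed.
DST_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\b")


def c2_hits(log_lines) -> list:
    """Return the lines whose destination is the report's C2 host:port."""
    hits = []
    for line in log_lines:
        m = DST_RE.search(line)
        if m and m.group("ip") == C2_HOST and int(m.group("port")) == C2_PORT:
            hits.append(line)
    return hits


# Assumed registry locations for the two behaviours the report flags. These are
# the standard Defender policy path and Run keys; the report does not say which
# values this sample wrote, so treat the list as a starting point, not a fact.
WATCHED_KEY_PREFIXES = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)


def suspicious_registry_events(events) -> list:
    """Filter (image, target_key) tuples down to writes under the watched keys."""
    return [
        (image, key) for image, key in events
        if any(key.lower().startswith(p.lower()) for p in WATCHED_KEY_PREFIXES)
    ]


if __name__ == "__main__":
    # Constructed inputs: a placeholder blob (not the real sample) and fake logs.
    print(matching_algorithms(hash_bytes(b"placeholder, not the sample")))
    sample_log = [
        "2024-11-09T10:01:02Z src=10.0.0.5:51322 dst=193.233.20.12:4132 proto=tcp",
        "2024-11-09T10:01:03Z src=10.0.0.5:51323 dst=142.250.74.46:443 proto=tcp",
    ]
    print(c2_hits(sample_log))
    print(suspicious_registry_events([
        ("C:\\Users\\u\\AppData\\Local\\Temp\\a.exe",
         "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring"),
        ("C:\\Windows\\explorer.exe",
         "HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"),
    ]))
```

Hash matching is exact, so a repacked or padded build of the same stealer will not match; the SSDEEP value in the report is the indicator to use for near-duplicates, and it needs the ssdeep library rather than hashlib. The C2 match is on host and port together, which avoids false positives on unrelated traffic to the same hosting range.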

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is a dropper that disables antivirus protection before delivering its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks