General

  • Target

    94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c

  • Size

    526KB

  • Sample

    241109-xqr7csyrgt

  • MD5

    24a88c3e32d395f96d82d95c38a765d2

  • SHA1

    9e893432528e16ae168ea2713f338e26dfcd64e5

  • SHA256

    94928eadfcbfda621f8fb2d4c6d904459dd678ebaf1424fdccc0fe6656b0c61c

  • SHA512

    b1409b905395f2601904bd182e56611c27d19240b6b38da90bfb5fd62dd84013bba5e0e6ec458a77183961f6651740f4a8980dcd55ded7a1fbc8a86c6bb9fbaf

  • SSDEEP

    12288:PMrvy90ZRmLfRREkTu+vCPuD7NhH1+6q1Sd7x3YB:Yy3/EkT7aPuDjc6muSB

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks