General

  • Target

    e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a

  • Size

    530KB

  • Sample

    241109-xscvfszfqa

  • MD5

    fb4fb39d84538bb1ebc4842e1f3a05d5

  • SHA1

    95518b4916fd47c4d1c2cd71c100479efd66c719

  • SHA256

    e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a

  • SHA512

    d499a35abcbf535632fee1b7682217254b02444f5ee0e08b8572488bc7d46f407ef0fca8ed2fe420b1a1866a968aa3b9cebbb178869d2444c7ba1d3648fa9bc6

  • SSDEEP

    12288:ZMrjy90EDjZtheR4nPBzIlDzB6MG0vkFZuJiysoE21:+yp313P4sYvssiysoJ

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a

    • Size

      530KB

    • MD5

      fb4fb39d84538bb1ebc4842e1f3a05d5

    • SHA1

      95518b4916fd47c4d1c2cd71c100479efd66c719

    • SHA256

      e6a175592e81f75e6de2226109be10ee604209a5d0b1077e166f5fa9ec825b1a

    • SHA512

      d499a35abcbf535632fee1b7682217254b02444f5ee0e08b8572488bc7d46f407ef0fca8ed2fe420b1a1866a968aa3b9cebbb178869d2444c7ba1d3648fa9bc6

    • SSDEEP

      12288:ZMrjy90EDjZtheR4nPBzIlDzB6MG0vkFZuJiysoE21:+yp313P4sYvssiysoJ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks