General

  • Target

    ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094N

  • Size

    668KB

  • Sample

    241110-a7wvjsvnfz

  • MD5

    22951d96e0492dd11c505df0db8e4ac0

  • SHA1

    cacc6395f829abdfd912ce102489e3ce53b0db73

  • SHA256

    ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094

  • SHA512

    f9fc28db466df29e9da862d20048cf48823132dace87fd2f3c79281cc0d300afb6d2b937bbf3d67fcc20d6f642d629e9474d99a56938612b3499991cb549a6dc

  • SSDEEP

    12288:pMriy90ircwlKl16RSu6jBQnOAzwEfxeE2auuTnCXAFwgNFrf9K4E34JJIzA:fyqLruNnTzwEcEL+XCwgNF79KvS2zA

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes

  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Targets

    • Target

      ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094N

    • Size

      668KB

    • MD5

      22951d96e0492dd11c505df0db8e4ac0

    • SHA1

      cacc6395f829abdfd912ce102489e3ce53b0db73

    • SHA256

      ca97aa403f53b2c908df5077d0af0be79d884ddf9948512938815a9f138a3094

    • SHA512

      f9fc28db466df29e9da862d20048cf48823132dace87fd2f3c79281cc0d300afb6d2b937bbf3d67fcc20d6f642d629e9474d99a56938612b3499991cb549a6dc

    • SSDEEP

      12288:pMriy90ircwlKl16RSu6jBQnOAzwEfxeE2auuTnCXAFwgNFrf9K4E34JJIzA:fyqLruNnTzwEcEL+XCwgNF79KvS2zA

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks