General

  • Target

    8f7dbff282c4d6e8e3f93ba74723febddc0bfc82ac55c07791f58d4158f62c46

  • Size

    522KB

  • Sample

    241110-ass54svhlp

  • MD5

    ebacd37b48cfdfcf270cad9da0912b05

  • SHA1

    b7c99a8e93a2b53338e8d27ade83defaf97fbaf8

  • SHA256

    8f7dbff282c4d6e8e3f93ba74723febddc0bfc82ac55c07791f58d4158f62c46

  • SHA512

    6e36817fa18c3171fda9740b3adfe489646eb72a2ceeb8390a10cb7da40c50989c1bd6248b82eb5cec12789ae57620a0648e0e082ee685897278d754780a4ad1

  • SSDEEP

    12288:wMrgy90vpUUJ+XoGE5k4qNmmR3X6NqP0Q3QxLISYbw:AyyUfoGE5y3wJQ3QxL

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes

  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
