General

  • Target

    30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b

  • Size

    482KB

  • Sample

    241110-avtjnaware

  • MD5

    f746cfab0d621936ae113df2cb658d29

  • SHA1

    33ae624a6cc64756464b82ae162d94e4bd6179e4

  • SHA256

    30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b

  • SHA512

    c96beea62bd775723d329b915a2ee3313af53f31910a32ffbe4c38f127e6693f927c38f0e9fa72dc879bf12561a4c22c3bc3c1cab36a254acb917168df0a03bc

  • SSDEEP

    12288:UMr2y90lXVFbpX8IuSQHXENDjjz6eiF3Dg:yyUVppX8THXENDXPG3Dg

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes
  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b

    • Size

      482KB

    • MD5

      f746cfab0d621936ae113df2cb658d29

    • SHA1

      33ae624a6cc64756464b82ae162d94e4bd6179e4

    • SHA256

      30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b

    • SHA512

      c96beea62bd775723d329b915a2ee3313af53f31910a32ffbe4c38f127e6693f927c38f0e9fa72dc879bf12561a4c22c3bc3c1cab36a254acb917168df0a03bc

    • SSDEEP

      12288:UMr2y90lXVFbpX8IuSQHXENDjjz6eiF3Dg:yyUVppX8THXENDXPG3Dg

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
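The report above gives three kinds of evidence a responder can pivot on: the file hashes, the RedLine C2 endpoint (193.233.20.12:4132) extracted from the configuration, and the two host behaviours flagged in the Targets list (Defender Real-time Protection tampering and Run-key persistence). The following script is an added example, not part of the sandbox output, showing how to match those indicators against local evidence. The hashes and C2 are copied from this report; every hash-list line, connection record and registry event below is constructed for illustration, and the registry paths are the standard Defender Real-Time Protection and Run-key locations (the report names the behaviours but not the exact values written, so the value names are an assumption).

```python
"""Match this report's RedLine/Healer indicators against constructed local evidence.

Added example for the report above; the hashes and C2 come from the report,
all log lines are constructed, and the registry paths are the standard
locations behind the flagged behaviours (assumed, not taken from the report).
"""
import re

# File indicators copied from the report (stored lower-case for comparison).
REPORT_HASHES = {
    "f746cfab0d621936ae113df2cb658d29",                                   # MD5
    "33ae624a6cc64756464b82ae162d94e4bd6179e4",                           # SHA1
    "30352721996097fcfb7888879a6508ca5edb32fee2287e37616cb4d260258d0b",  # SHA256
}
# RedLine C2 extracted from the sample's configuration.
C2 = ("193.233.20.12", 4132)

# Values behind "Modifies Windows Defender Real-time Protection settings".
# Both the live key and the Policies key end with this suffix. A non-zero DWORD
# disables the feature; writing 0 (re-enabling) is not treated as tampering.
DEFENDER_RTP_SUFFIX = r"\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = frozenset(v.lower() for v in (
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
))
# Autostart location behind "Adds Run key to start application" (HKCU or HKLM).
RUN_KEY_SUFFIX = r"\microsoft\windows\currentversion\run"


def match_hash_list(lines):
    """lines: md5sum/sha1sum/sha256sum-style output ('<hash>  <path>').
    Returns the paths whose hash appears in the report, case-insensitively."""
    hits = []
    for line in lines:
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in REPORT_HASHES:
            hits.append(parts[1])
    return hits


CONN_RE = re.compile(r"->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

def match_c2_connections(lines, any_port=False):
    """lines: connection records of the form 'time src:port -> dst:port proto'.
    Returns records to the report's C2; any_port=True matches the host alone,
    which is broader but catches an operator moving the listener."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        host, port = m.group(1), int(m.group(2))
        if host == C2[0] and (any_port or port == C2[1]):
            hits.append(line.strip())
    return hits


REG_RE = re.compile(r"TargetObject=(?P<key>.+?)\s+Details=(?P<val>.+)$")
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]+)\)")

def classify_registry_events(lines):
    """lines: Sysmon-style 'RegistryEvent TargetObject=<path> Details=<data>'.
    Returns (label, value_name) pairs for Defender tampering and Run-key writes."""
    findings = []
    for line in lines:
        m = REG_RE.search(line)
        if not m:
            continue
        parent, _, name = m.group("key").rpartition("\\")
        parent = parent.lower()          # registry paths are case-insensitive
        if parent.endswith(DEFENDER_RTP_SUFFIX) and name.lower() in DEFENDER_RTP_VALUES:
            d = DWORD_RE.search(m.group("val"))
            if d and int(d.group(1), 16) != 0:
                findings.append(("defender_rtp_tamper", name))
        elif parent.endswith(RUN_KEY_SUFFIX):
            findings.append(("run_key_persistence", name))
    return findings


# Constructed evidence (not from the sandbox run).
HASH_LIST = [
    "30352721996097FCFB7888879A6508CA5EDB32FEE2287E37616CB4D260258D0B  C:\\Users\\user\\Downloads\\invoice.exe",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  C:\\Windows\\notepad.exe",
    "F746CFAB0D621936AE113DF2CB658D29  C:\\Users\\user\\AppData\\Local\\Temp\\dropped.exe",
]
CONN_LOG = [
    "2024-11-10T12:00:01Z 10.0.0.5:49812 -> 193.233.20.12:4132 TCP",
    "2024-11-10T12:00:02Z 10.0.0.5:49813 -> 193.233.20.12:443 TCP",
    "2024-11-10T12:00:03Z 10.0.0.5:49814 -> 142.250.74.46:443 TCP",
]
REG_EVENTS = [
    r"RegistryEvent TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring Details=DWORD (0x00000001)",
    r"RegistryEvent TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring Details=DWORD (0x00000001)",
    r"RegistryEvent TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring Details=DWORD (0x00000000)",
    r"RegistryEvent TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\user\AppData\Roaming\Updater\svc.exe",
    r"RegistryEvent TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden Details=DWORD (0x00000002)",
]


def main():
    print("hash hits:", match_hash_list(HASH_LIST))
    print("c2 hits:", match_c2_connections(CONN_LOG))
    for label, name in classify_registry_events(REG_EVENTS):
        print(label, name)


if __name__ == "__main__":
    main()
```

The hashes are the weakest of the three indicator types: RedLine builds are routinely repacked, so a hash miss says nothing about whether the same campaign is present. The C2 endpoint and the behavioural writes (Defender Real-Time Protection values set to non-zero, a new Run-key entry pointing into a user-writable directory) survive repacking and are the signals worth alerting on. On current Windows with Tamper Protection enabled the Defender writes are blocked, but the attempt still shows up as a registry event and is itself a strong indicator of a Healer-style disabler.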

MITRE ATT&CK Enterprise v15
