General

  • Target

    a8b78be57b446bd410323655357545db171f961a99398ad5186046619d3de40f

  • Size

    408KB

  • Sample

    241110-b1tmaaxajg

  • MD5

    c3198f527fb0e490c4132a56955d58e4

  • SHA1

    42af0561306d52568833f4b4bc12b5e4f8fbe76b

  • SHA256

    a8b78be57b446bd410323655357545db171f961a99398ad5186046619d3de40f

  • SHA512

    505582e9005c7964a82152c67fc89bcac00a3bced1b87d1e373f2b112f03ece039115306670e02d6c475fa5873e8e7d2c82ce997d4f67cb953b29a04ec6b45e4

  • SSDEEP

    6144:K9y+bnr+9p0yN90QEBZe9PvWsoQO9Q6qtP1JWYmzBbmayjxqpTsF1V:HMrRy90XEY2tnfmzBb61qpIF1V

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15