General

  • Target

    6ceb455df5665f75565bb10872bd5181314d135c8928df63ad5c9e83769f9c24

  • Size

    530KB

  • Sample

    241110-b3bjgszkdl

  • MD5

    5a3d0fff06b5ef9ae2813c537eefe215

  • SHA1

    083593db18db69a502a651e6d3c5c5523ffccbeb

  • SHA256

    6ceb455df5665f75565bb10872bd5181314d135c8928df63ad5c9e83769f9c24

  • SHA512

    8614dd98ed867c62fd86cabd8e11ef83b121f31cad6dd5e436adb850b0f2a57796dc5858332d877ca25b28116ffd84789771b4d5a7ae3641fd2b8a1395821303

  • SSDEEP

    12288:xMr8y90aib99mP7Jf7zmrXWKjDomqFcwe48GEKpCPIrq75qpttJT:5y4h9+JPAX93omcBi5VItJT

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fud

  • C2

    193.233.20.27:4123

  • Attributes

    auth_value: cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks