General

  • Target

    b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224

  • Size

    666KB

  • Sample

    241110-bmtecsyqcq

  • MD5

    5aa96fc92eef0fd05b8382d93296c588

  • SHA1

    fe1c95d494064a258bbffbfe803b09d6751e8c33

  • SHA256

    b2201fb3ab87c2a38fd3993eb808c1dcbcb58a5b1169747d165d390c6e5a2224

  • SHA512

    6f7b91e7f301b06dd8a8946c08e3cac28e9fb27c812834ecbc6a51ef1dee4f193e4f910c65ec231c7717e152a3dda3b66f6a0d96f161dd514ec273c63190409e

  • SSDEEP

    12288:NMrQy90LmTI2QTJZx9xVa2wa2yMwN+ukS0w2EYhW7hq1hGcKDjq5:FyWvtZx9/Ia2HurW7WChGRs

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes

  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks