General

  • Target

    0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1

  • Size

    562KB

  • Sample

    241110-btd81syrdp

  • MD5

    6461965a4cf476078b1f0e645b08df10

  • SHA1

    ed665d9d0b4d9175ae88d321788ca5424e5f2d24

  • SHA256

    0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1

  • SHA512

    3f816ccfe324da4a28e7079e9081143cc17336b55a2fa63ca30ccc865be46c57c7a311d0f7ba2d0543ab21924d1147a6c98b3525c0f219565f5e02919d7eefde

  • SSDEEP

    12288:RMr+y90H2D56be7jyeAM1HE9OoFYi/bS83T7SsTlDs2B:byf6yPLHToFYq/Ttae

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1

    • Size

      562KB

    • MD5

      6461965a4cf476078b1f0e645b08df10

    • SHA1

      ed665d9d0b4d9175ae88d321788ca5424e5f2d24

    • SHA256

      0ece66e785f8a335553d681563dc2cff6e17126fcd2609bb72a8d5a2cb3f79c1

    • SHA512

      3f816ccfe324da4a28e7079e9081143cc17336b55a2fa63ca30ccc865be46c57c7a311d0f7ba2d0543ab21924d1147a6c98b3525c0f219565f5e02919d7eefde

    • SSDEEP

      12288:RMr+y90H2D56be7jyeAM1HE9OoFYi/bS83T7SsTlDs2B:byf6yPLHToFYq/Ttae

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks