General

  • Target

    3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e

  • Size

    1.3MB

  • Sample

    241110-bvjvwswgqh

  • MD5

    cfdb853d39290853fc5e1d519117ba57

  • SHA1

    7a27f02fa637fde74e451007e31c5119b0fff854

  • SHA256

    3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e

  • SHA512

    75526f6cd15155622e9fa4863cfe77deb3765f3207d72108f7fba2a44a0b12ce37eaf224607ec04d6574fb42f3c5c4b8df8ed6cbc610ef7da16d596f876c7618

  • SSDEEP

    24576:1yL3+dueA7n2+HWZJCV48YC0dcIZtBUdMyYwvkMp7k:Qz+NK/2ZJCVFGdzZtq3YGko7

Malware Config

Extracted

Family

redline

Botnet

ronur

C2

193.233.20.20:4134

Attributes

  • auth_value

    f88f86755a528d4b25f6f3628c460965

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
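
The extracted config (C2 193.233.20.20:4134) and the behavioural signatures above (Defender real-time protection tampering, a Run key for persistence, execution of a dropped EXE) are the parts of this report a defender actually turns into detections. The block below is an added example, not part of the sandbox report and not RedLine or Healer code: it replays Sysmon-style events (EID 11 FileCreate, 1 ProcessCreate, 13 RegistryEvent SetValue, 3 NetworkConnect) and emits one hit per signature. The sample events, file paths, the `Updater` value name, the benign 443 connection and the rule names are constructed for the example. The Defender registry paths and value names are the well-known ones such signatures key on; the report does not say which specific values this sample set, so treat them as an assumption rather than extracted data.

```python
import hashlib
from dataclasses import dataclass

# Indicators copied from the report above.
SAMPLE_SHA256 = "3f0c513879a2305ff78a4cac3b77d39790d007a418452115485b258894a94a3e"
C2_ENDPOINTS = {("193.233.20.20", 4134)}

# Registry paths the "Modifies Windows Defender Real-time Protection settings"
# and "Adds Run key" signatures generally fire on. The report does not name the
# exact values this sample touched, so these are assumptions, not extracted data.
DEFENDER_RTP_KEYS = (
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
)
RUN_KEYS = (
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
)
DEFENDER_TAMPER_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disableioavprotection",
    "disablescanonrealtimeenable",
}


@dataclass(frozen=True)
class Hit:
    rule: str
    detail: str


def file_is_sample(data: bytes) -> bool:
    """True if `data` is byte-identical to the analysed sample (SHA256 from the report)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


def _split_reg_path(target: str) -> tuple[str, str]:
    """'HKLM\\...\\Key\\Value' -> ('hklm\\...\\key', 'value'), lower-cased."""
    key, _, value = target.lower().rpartition("\\")
    return key, value


def scan(events: list[dict]) -> list[Hit]:
    """Replay Sysmon-style events in order and emit a Hit per matching signature."""
    hits: list[Hit] = []
    dropped: set[str] = set()  # files written during the run (Sysmon EID 11)
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:  # FileCreate: remember what was dropped
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev.get("Image", "").lower() in dropped:  # ProcessCreate
            hits.append(Hit("executes_dropped_exe", ev["Image"]))
        elif eid == 13 and ev.get("EventType") == "SetValue":  # RegistryEvent (Value Set)
            key, value = _split_reg_path(ev["TargetObject"])
            details = ev.get("Details", "")
            # Sysmon renders DWORD data as "DWORD (0x00000001)"; only a value of 1 disables RTP.
            if (key in DEFENDER_RTP_KEYS and value in DEFENDER_TAMPER_VALUES
                    and details.endswith("(0x00000001)")):
                hits.append(Hit("defender_rtp_disabled", f"{value}={details}"))
            elif key in RUN_KEYS:
                hits.append(Hit("run_key_persistence", f"{value} -> {details}"))
        elif eid == 3:  # NetworkConnect: match the extracted C2 host:port
            endpoint = (ev["DestinationIp"], int(ev["DestinationPort"]))
            if endpoint in C2_ENDPOINTS:
                hits.append(Hit("redline_c2", "%s:%d" % endpoint))
    return hits


# Constructed telemetry resembling what the sandbox signatures above describe;
# paths, file names and the benign 443 connection are made up for the example.
SAMPLE_EVENTS = [
    {"EventID": 11, "TargetFilename": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"EventID": 3, "DestinationIp": "193.233.20.20", "DestinationPort": "4134"},
    {"EventID": 3, "DestinationIp": "13.107.4.50", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"{hit.rule:24s} {hit.detail}")
```

The Defender rule deliberately requires the data to be 1: an administrator re-enabling real-time protection writes the same value name with 0, and a rule that only looks at the key path would fire on the remediation as well as on the attack. The C2 match is exact on host and port because the report gives both; for a RedLine config with a hostname rather than an IP you would match the DNS query (Sysmon EID 22) instead.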

MITRE ATT&CK Enterprise v15

Tasks