General

  • Target

    8cef5c3cae70c0ca19368de4ab2b94426ec8eb2b5df49dda6b89bc954c457282

  • Size

    526KB

  • Sample

    241110-by5lrswhng

  • MD5

    12a34e963d3620745fc33d5bcbcbcc26

  • SHA1

    c8444dd1e6fc3502df7f4988c0d0dd5f57907f95

  • SHA256

    8cef5c3cae70c0ca19368de4ab2b94426ec8eb2b5df49dda6b89bc954c457282

  • SHA512

    407641c25c5db0965a665bd0c063a1d94cd574abfd3e1f99a433468ca22eb81823d00c80194d11e8dd57e10e1f555b1e6317c0c43423c8979474a2bfc735cd82

  • SSDEEP

    12288:4MrLy90UmTJiG367NUZUCVtmnD1daye8eVWa1:DypkdT9sayefW2

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
