General

  • Target

    203f82ff77a5fc77eadbc88884e36d6fb9f4202028fa2d8586e800187e825a4f

  • Size

    478KB

  • Sample

    241110-cwpcfaxfnh

  • MD5

    e2ce6ff15d513aa9cf6a4a6c2575e56e

  • SHA1

    43880185026f58f38a6d568875b90f90faffd6f5

  • SHA256

    203f82ff77a5fc77eadbc88884e36d6fb9f4202028fa2d8586e800187e825a4f

  • SHA512

    90d9ec361bcad28ebe7bb708a589c3645a03bd6a8efbddb2c69ac182aec31c70a273306c5efaf97d26186a5f8b9056c2bcd0fc780e602f19880b80c279eec1fd

  • SSDEEP

    12288:MMr7y90N0JNLwL4+rca/wfNHW/e8CU2M8MvG:Xy+Ldrtwf+CMjG

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fusa

  • C2

    193.233.20.12:4132

  • Attributes

    auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks