General

  • Target

    fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b

  • Size

    546KB

  • Sample

    241110-dg8m7syalp

  • MD5

    b8eed11da39e5366d7cbb6ca8c134e7d

  • SHA1

    67ede0cbfd81e4d70749289ddb58f432f516b899

  • SHA256

    fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b

  • SHA512

    d259e04173f9edfbb06a5b7dc0f453c36f78b9f97192b05794a3415ccd89c864dcf182a2adf1d71abe56c13826510865d9c7e497d1d8138e81ef864ec1c3646e

  • SSDEEP

    12288:WMriy90k1PQfR9ZRi9gd+JstFwLJDsPRlB2DtZ:wyIHaesJDiED3

Malware Config

  • Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    • auth_value

      12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b

    • Size

      546KB

    • MD5

      b8eed11da39e5366d7cbb6ca8c134e7d

    • SHA1

      67ede0cbfd81e4d70749289ddb58f432f516b899

    • SHA256

      fcd3b4aaf6ad8766655f0d036b0e0d22dd2a92bd5e5fa5f684fc3f41f9d10d9b

    • SHA512

      d259e04173f9edfbb06a5b7dc0f453c36f78b9f97192b05794a3415ccd89c864dcf182a2adf1d71abe56c13826510865d9c7e497d1d8138e81ef864ec1c3646e

    • SSDEEP

      12288:WMriy90k1PQfR9ZRi9gd+JstFwLJDsPRlB2DtZ:wyIHaesJDiED3

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
