General

  • Target

    71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909

  • Size

    526KB

  • Sample

    241110-dhbpvs1mek

  • MD5

    089eda338928881f5189f98549a52a61

  • SHA1

    be4933e2acd1fbffa1e8decb9a17f7792afb6e75

  • SHA256

    71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909

  • SHA512

    9aed339ede07515c3bee21d309498b3997227a420fe935f0a9ddf82f697eca7500f04421e2b56ee13b42e97158a2e8c731bb12dfe354eed616a9b469d01abd74

  • SSDEEP

    12288:uMrky90lnEXI1v/C1XdiGVtbTEBvJTPWVex3sqs:ayG1i1XlMhjGuTs

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909

    • Size

      526KB

    • MD5

      089eda338928881f5189f98549a52a61

    • SHA1

      be4933e2acd1fbffa1e8decb9a17f7792afb6e75

    • SHA256

      71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909

    • SHA512

      9aed339ede07515c3bee21d309498b3997227a420fe935f0a9ddf82f697eca7500f04421e2b56ee13b42e97158a2e8c731bb12dfe354eed616a9b469d01abd74

    • SSDEEP

      12288:uMrky90lnEXI1v/C1XdiGVtbTEBvJTPWVex3sqs:ayG1i1XlMhjGuTs

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
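
The behaviours listed above (Run-key persistence, modification of Windows Defender real-time protection settings, the RedLine C2 at 193.233.20.27:4123) are the pieces an analyst would want to check for on a suspect host. The Python below is an added example and not part of this sandbox report or its tooling: it carries the report's file hashes and C2 endpoint as constants, matches them against file bytes and network log lines, and flags Run-key and Defender Real-Time Protection writes in a `.reg` export. The registry paths are the standard locations for the user Run key and the Defender Real-Time Protection policy key; the network log excerpt and the `.reg` text are constructed for illustration, and the function names are my own.

```python
"""Offline triage helpers keyed to the IOCs in this report (example code, not the sandbox's)."""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "089eda338928881f5189f98549a52a61",
    "sha1": "be4933e2acd1fbffa1e8decb9a17f7792afb6e75",
    "sha256": "71ff94fb37fa29ab9e52dc4793d56a69a0785d4206393773e73200841a1d8909",
    "sha512": "9aed339ede07515c3bee21d309498b3997227a420fe935f0a9ddf82f697eca75"
              "00f04421e2b56ee13b42e97158a2e8c731bb12dfe354eed616a9b469d01abd74",
}
C2_HOST, C2_PORT = "193.233.20.27", 4123

# Standard Windows locations for the behaviours the report flags.
RUN_KEY_RE = re.compile(
    r"^\[HKEY_(?:CURRENT_USER|LOCAL_MACHINE)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\]$",
    re.IGNORECASE,
)
DEFENDER_RTP_RE = re.compile(r"Windows Defender\\Real-Time Protection", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')

# Constructed sample data (not from the report): a netflow excerpt and a .reg export.
SAMPLE_NETLOG = [
    "2024-11-10T12:00:01Z TCP 10.0.0.5:49321 -> 203.0.113.10:443",
    "2024-11-10T12:00:03Z TCP 10.0.0.5:49322 -> 193.233.20.27:4123",
]
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="C:\\Users\\user\\AppData\\Roaming\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"""


def hash_matches(data: bytes) -> dict:
    """Return, per algorithm, whether the given bytes hash to the report's sample."""
    return {
        algo: getattr(hashlib, algo)(data).hexdigest() == expected
        for algo, expected in SAMPLE_HASHES.items()
    }


def c2_hits(log_lines):
    """Return the log lines that reference the RedLine C2 ip:port from the report."""
    needle = f"{C2_HOST}:{C2_PORT}"
    return [line for line in log_lines if needle in line]


def reg_export_findings(reg_text: str):
    """Walk a .reg export and flag Run-key values and writes under the
    Defender Real-Time Protection policy key (the two registry behaviours
    the sandbox signatures above describe)."""
    findings = []
    current_key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line          # new key section
            continue
        m = VALUE_RE.match(line)
        if m is None or current_key is None:
            continue                    # header, blank line, or value outside a key
        name, val = m.group("name"), m.group("val")
        if RUN_KEY_RE.match(current_key):
            findings.append(("run_key", name, val))
        elif DEFENDER_RTP_RE.search(current_key):
            findings.append(("defender_rtp", name, val))
    return findings


if __name__ == "__main__":
    for hit in c2_hits(SAMPLE_NETLOG):
        print("C2 contact:", hit)
    for finding in reg_export_findings(SAMPLE_REG):
        print("registry:", finding)
```

To use it against a real case, feed `hash_matches` the bytes of the file under review, `c2_hits` your proxy or firewall export, and `reg_export_findings` the output of `reg export` for the Run and Defender policy keys; a `dword:00000001` on `DisableRealtimeMonitoring` is the value that turns real-time protection off.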

MITRE ATT&CK Enterprise v15

Tasks