General

  • Target

    f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d

  • Size

    530KB

  • Sample

    241110-eknmwaymfv

  • MD5

    2318fcb0275353f53365740765b41ddb

  • SHA1

    fea0319a5a932297e8b47a4d985a7c648af01373

  • SHA256

    f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d

  • SHA512

    625fe79fe59258f8ca3ff28e9e5ba08a2ac09a7ca312d92f5d0ea1881c8be00eb91fc277cb1866d60a1770125b2d3c02472c08ed80e01c2937c73421c4da2d3f

  • SSDEEP

    12288:BMrry90bqb+skYHUaJ7m2T+SWsSDom4FURew5J5bvmwToQY7O:OyWqbfFUg7yS1ComOszddT3/

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
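The behavioural signatures above are derived from the sandbox's event trace rather than from static properties of the file. The following is an added example (not the sandbox's own rule code) that re-implements four of them as rules over a Sysmon-style event list: the two registry signatures match on the real Windows Defender Real-Time Protection and Run key paths, "Executes dropped EXE" correlates a file-create event with a later process-create for the same path, and a fourth rule matches the C2 endpoint recovered in the extracted config. The event list is constructed to exercise the rules; the process names, paths and SID in it are hypothetical and are not this sample's actual trace.

```python
"""Behavioural-signature matcher over a Sysmon-style sandbox event trace.

Added example: the rules below re-implement the report's signature names.
This is not the sandbox's own rule code, and the events at the bottom are
constructed to exercise the rules, not the real trace of this sample.
"""
import re
from dataclasses import dataclass

# Registry paths behind the report's two registry signatures. Matching on the
# tail of the path also catches the policy copy of the Defender key.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\[^\\]+$", re.I)

# C2 endpoint from the extracted RedLine config above.
C2_ENDPOINTS = {("193.233.20.27", 4123)}


@dataclass(frozen=True)
class Event:
    """One Sysmon-style event; only the fields the rules read are kept."""
    event_id: int   # 1 process create, 3 network connect, 11 file create, 13 registry set
    image: str      # process that generated the event
    fields: dict


def sig_defender_rtp(events):
    """Modifies Windows Defender Real-time Protection settings."""
    return [f"{e.image} set {e.fields['TargetObject']} = {e.fields['Details']}"
            for e in events
            if e.event_id == 13 and DEFENDER_RTP_RE.search(e.fields["TargetObject"])]


def sig_run_key(events):
    """Adds Run key to start application."""
    return [f"{e.image} set {e.fields['TargetObject']} = {e.fields['Details']}"
            for e in events
            if e.event_id == 13 and RUN_KEY_RE.search(e.fields["TargetObject"])]


def sig_dropped_exe(events):
    """Executes dropped EXE: a file written by one process later runs as a process."""
    dropped = {e.fields["TargetFilename"].lower(): e.image
               for e in events
               if e.event_id == 11 and e.fields["TargetFilename"].lower().endswith(".exe")}
    return [f"{dropped[e.image.lower()]} dropped and started {e.image}"
            for e in events
            if e.event_id == 1 and e.image.lower() in dropped]


def sig_c2(events):
    """Network connection to the C2 endpoint recovered from the config."""
    return [f"{e.image} -> {e.fields['DestinationIp']}:{e.fields['DestinationPort']}"
            for e in events
            if e.event_id == 3
            and (e.fields["DestinationIp"], int(e.fields["DestinationPort"])) in C2_ENDPOINTS]


SIGNATURES = {
    "Modifies Windows Defender Real-time Protection settings": sig_defender_rtp,
    "Adds Run key to start application": sig_run_key,
    "Executes dropped EXE": sig_dropped_exe,
    "Connects to extracted RedLine C2": sig_c2,
}


def run_signatures(events):
    """Return {signature name: [evidence strings]} for every rule that fired."""
    result = {}
    for name, rule in SIGNATURES.items():
        hits = rule(events)
        if hits:
            result[name] = hits
    return result


# Constructed trace: hypothetical paths, process names and SID, not the real log.
SAMPLE = (r"C:\Users\admin\AppData\Local\Temp"
          r"\f9d947dd3c7a438e806dcfe9d082cb3f7c093f24c2adb6d181ec816b1f07f61d.exe")
DROPPED = r"C:\Users\admin\AppData\Local\Temp\stage2.exe"
SAMPLE_EVENTS = [
    Event(11, SAMPLE, {"TargetFilename": DROPPED}),
    Event(1, DROPPED, {"ParentImage": SAMPLE}),
    Event(13, DROPPED, {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender"
                                        r"\Real-Time Protection\DisableRealtimeMonitoring",
                        "Details": "DWORD (0x00000001)"}),
    Event(13, DROPPED, {"TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows"
                                        r"\CurrentVersion\Run\stage2",
                        "Details": DROPPED}),
    Event(3, DROPPED, {"DestinationIp": "193.233.20.27", "DestinationPort": "4123"}),
    # Benign noise that must not fire: Explorer talking to a DNS resolver.
    Event(3, r"C:\Windows\explorer.exe", {"DestinationIp": "8.8.8.8", "DestinationPort": "53"}),
]

if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The dropped-EXE rule is the only stateful one: it needs the file-create event to precede the process-create, which is why the rules take the whole trace rather than one event at a time. Matching on the path tail of the Defender key rather than on a fixed hive lets the same rule fire whether the dropper writes the live key under HKLM\SOFTWARE or the policy copy under HKLM\SOFTWARE\Policies.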

MITRE ATT&CK Enterprise v15

Tasks