General

  • Target

    93b26874c79a78abcc3c9fa55d8599b324311471bbdeaabd7fc9d8646319376a

  • Size

    726KB

  • Sample

    241110-ml26navjbx

  • MD5

    65d7b7739688bbe768da647ebeeae878

  • SHA1

    ce1a8df3d1c6f4fc8b46f7d6b860a10c30715489

  • SHA256

    93b26874c79a78abcc3c9fa55d8599b324311471bbdeaabd7fc9d8646319376a

  • SHA512

    097c4d862ae20a42a07eaf7fc2909ea8f7de1843996942016cc7a2768d3ce1d621cd6f3d95834ea28ff368b03b93f751110cfef4e7e636e3736efd49584a74d0

  • SSDEEP

    12288:xMrky90SCkOn7VrNp3u6WNWw/mS5WGB2c2IvBNOvk74TFXyqBvzYipoztLK8:5yzCF7VrKNWIfWIvBYvk8TTButLF

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fukia

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value = e5783636fbd9e4f0cf9a017bce02e67e

Targets

    • Target

      93b26874c79a78abcc3c9fa55d8599b324311471bbdeaabd7fc9d8646319376a

    • Size

      726KB

    • MD5

      65d7b7739688bbe768da647ebeeae878

    • SHA1

      ce1a8df3d1c6f4fc8b46f7d6b860a10c30715489

    • SHA256

      93b26874c79a78abcc3c9fa55d8599b324311471bbdeaabd7fc9d8646319376a

    • SHA512

      097c4d862ae20a42a07eaf7fc2909ea8f7de1843996942016cc7a2768d3ce1d621cd6f3d95834ea28ff368b03b93f751110cfef4e7e636e3736efd49584a74d0

    • SSDEEP

      12288:xMrky90SCkOn7VrNp3u6WNWw/mS5WGB2c2IvBNOvk74TFXyqBvzYipoztLK8:5yzCF7VrKNWIfWIvBYvk8TTButLF

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
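The indicators in this report (the four file hashes, the extracted RedLine C2, and the registry behaviour named by the Defender and Run key signatures) turned into a small triage script. This is an example added here, not code from the original report or from any sandbox product. The hash, C2, botnet and auth_value strings are copied from the report; the event lines and their " | "-separated key=value format are constructed for illustration and do not reproduce any real EDR or Sysmon export; the registry paths are the standard Windows locations for the Defender real-time protection policy and the per-user/per-machine Run keys, which the report itself does not print.

```python
"""Triage helpers built from the indicators in this report.

Added example, not part of the original report and not vendor code. Hash, C2 and
attribute values are copied from the report; event lines and their field format
are constructed for illustration (not a real EDR/Sysmon export).
"""
import hashlib

# Indicators taken verbatim from the report.
SAMPLE_HASHES = {
    "md5": "65d7b7739688bbe768da647ebeeae878",
    "sha1": "ce1a8df3d1c6f4fc8b46f7d6b860a10c30715489",
    "sha256": "93b26874c79a78abcc3c9fa55d8599b324311471bbdeaabd7fc9d8646319376a",
    "sha512": "097c4d862ae20a42a07eaf7fc2909ea8f7de1843996942016cc7a2768d3ce1d621cd6f3d95834ea28ff368b03b93f751110cfef4e7e636e3736efd49584a74d0",
}
REDLINE_CONFIG = {"family": "redline", "botnet": "fukia",
                  "c2": "193.233.20.13:4136",
                  "auth_value": "e5783636fbd9e4f0cf9a017bce02e67e"}

# Standard Windows registry locations behind the "Modifies Windows Defender
# Real-time Protection settings" and "Adds Run key" signatures. These paths are
# general Windows knowledge, not values printed in the report.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}


def hash_bytes(data):
    """md5/sha1/sha256/sha512 hex digests of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def file_hashes(path, chunk_size=1 << 20):
    """Same four digests for a file on disk, streamed so large files are fine."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def compare_hashes(actual):
    """Algorithms whose digest differs from the report; [] means a full match.

    All four are compared rather than only SHA256, so a transcription error in
    one hash surfaces as a single-algorithm mismatch instead of a silent miss.
    """
    return [name for name, expected in SAMPLE_HASHES.items()
            if actual.get(name, "").lower() != expected.lower()]


# Constructed event lines: " | "-separated key=value fields, one event per line.
SAMPLE_EVENTS = "\n".join([
    r"NETWORK | pid=4120 | image=C:\Users\user\AppData\Local\Temp\dropped.exe | dst=193.233.20.13:4136",
    r"REGISTRY_SET | pid=4120 | key=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | value=DisableRealtimeMonitoring | data=1",
    r"REGISTRY_SET | pid=4120 | key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run | value=dropped | data=C:\Users\user\AppData\Local\Temp\dropped.exe",
    r"NETWORK | pid=880 | image=C:\Program Files\Mozilla Firefox\firefox.exe | dst=203.0.113.10:443",
])


def parse_event(line):
    """Split one constructed event line into a dict; the first field is the type."""
    head, *fields = [p.strip() for p in line.split(" | ")]
    event = {"type": head}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def triage_events(text):
    """Return (reason, event) pairs matching behaviour described in the report."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["type"] == "NETWORK" and ev.get("dst") == REDLINE_CONFIG["c2"]:
            hits.append(("redline_c2", ev))
        elif ev["type"] == "REGISTRY_SET":
            key = ev.get("key", "").lower()
            if (key == DEFENDER_RTP_KEY.lower()
                    and ev.get("value") == "DisableRealtimeMonitoring"
                    and ev.get("data") == "1"):
                hits.append(("defender_rtp_disabled", ev))
            elif key in RUN_KEYS:
                hits.append(("run_key_persistence", ev))
    return hits


if __name__ == "__main__":
    import sys
    for reason, ev in triage_events(SAMPLE_EVENTS):
        print(f"{reason:<24} pid={ev.get('pid')} {ev.get('dst') or ev.get('key')}")
    if len(sys.argv) > 1:  # optional: compare a file on disk against the report
        bad = compare_hashes(file_hashes(sys.argv[1]))
        print("hashes match the report" if not bad else "mismatch on: " + ", ".join(bad))
```

Run without arguments to see the three constructed events flagged (C2 contact, Defender real-time protection disabled via policy, Run key persistence); pass a file path to check its MD5/SHA1/SHA256/SHA512 against the values in the report. The script is deliberately standalone; in practice the event parser would be swapped for whatever export format your EDR or Sysmon pipeline produces.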

MITRE ATT&CK Enterprise v15

Tasks