General

  • Target

    471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90

  • Size

    478KB

  • Sample

    241110-wv2e6avphl

  • MD5

    19bb79d9f5ee3ce03853db4bca2ae407

  • SHA1

    23f6cbddc1d03ed56cdc97ba97a987b85cf366e5

  • SHA256

    471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90

  • SHA512

    ed6a255b729b07e03746055be82f4917e2f0ef31aed9f08a20423fd53a6aca18b0136ad7ba177da244fd33e8e916e729730794f10cd1c0586a820c4ce22a50a8

  • SSDEEP

    6144:Kjy+bnr+kp0yN90QEl+zFGswVHpbzUQ9e/PhWWYOUvT8nbkvSyT+AFHJBU1qVMAi:xMrAy90L+1wV6Q94Wlv4TyXHLc

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      471eeb89dc9781b88b4925b9a1bd9b4672bff344f0f10b4d0ac6fcbd47b41f90

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks