General

  • Target: 4744f39513beaf0bf16db57b0dc671de40bcf8f93579b40718618daecadf4bdd
  • Size: 477KB
  • Sample: 241110-z476vaward
  • MD5: 90abeea85fcfb6fa909c8665cce0fe36
  • SHA1: 2c2380404684912ae59cc75a0dcaf4d05cfadfc7
  • SHA256: 4744f39513beaf0bf16db57b0dc671de40bcf8f93579b40718618daecadf4bdd
  • SHA512: 11648e9f785ee988b35a2afbd07c90c468179c71031ddc464288adaf9c0dc5378e9a6e71500700415ae35cefb5cc9755d490d7f85c33b3c7d005c0dfc0830f88
  • SSDEEP: 12288:GMrZy90jkPVjt/JAUUJ3NjnAP+ZuGrDn6uf2:LyvVx/C3FIGrB2

Malware Config

Extracted

  • Family: redline
  • Botnet: fusa
  • C2: 193.233.20.12:4132
  • Attributes
      • auth_value: a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
