General

  • Target

    654f1da92734f3732f9897a476434b049db61d63491b75247cf3d856c480815f

  • Size

    526KB

  • Sample

    241111-b5v1xaypev

  • MD5

    aa51d5a5a7d824a91252cb7013be08db

  • SHA1

    bec03cc27bdf35ac397f57c4ab392c0949eb5582

  • SHA256

    654f1da92734f3732f9897a476434b049db61d63491b75247cf3d856c480815f

  • SHA512

    6bb12451cd5ec37510ced848decc01742ee2cc9a158cd4c9f802a4c787901796a4cf7767e2b924298f6a50a841643b9bc3fdd39103c89f468725ecac9b8e1cec

  • SSDEEP

    12288:FMrUy901N56gGISAMiubD7EAF1PZ44bjsgQXCOKwW:1yi5QAED9PvQin

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
