General

  • Target

    fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd

  • Size

    481KB

  • Sample

    241111-cf7tvazhlf

  • MD5

    27fa3487181a83f3d50518512e8e6cb9

  • SHA1

    56833aa68a5e1249ef0d488fdc94df2fb644bf69

  • SHA256

    fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd

  • SHA512

    68aaa56756c5179729c8042d5d498ca61e146309d65300b361295ae0b23c60b116a769cc12efa308ceff7e5752d7d92aa00bbbcd5a36ef4f2d037c285a2d5580

  • SSDEEP

    12288:IMrBy90W3gE8zi8peNb7vggs9Keefm0UWauB:ZyFC2YefmrWauB

Malware Config

Extracted

Family

redline

Botnet

mofun

C2

217.196.96.101:4132

Attributes
  • auth_value

    da5d4987d25c2de43d34fcc99b29fff3
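The extracted config above gives two things a defender can act on immediately: the file hashes of the dropper and the RedLine C2 endpoint. The following script is an added example for this report, not the sandbox's own tooling. It copies the hashes and C2 from the report, computes the same digests for an arbitrary file, and runs the C2 indicator over constructed network log lines (the key=value log format and the lines themselves are made up for illustration and did not come from the sandbox run).

```python
"""IOC matching for the RedLine config extracted in this report.

Added example, not the sandbox's own code. Hashes and C2 are copied from the
report; LOG_LINES below are constructed and do not come from the sandbox run."""
import hashlib
import re

# From the report: RedLine C2 endpoint and the dropper's file hashes.
REDLINE_C2 = ("217.196.96.101", 4132)
SAMPLE_HASHES = {
    "md5": "27fa3487181a83f3d50518512e8e6cb9",
    "sha1": "56833aa68a5e1249ef0d488fdc94df2fb644bf69",
    "sha256": "fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd",
    "sha512": "68aaa56756c5179729c8042d5d498ca61e146309d65300b361295ae0b23c60b1"
              "16a769cc12efa308ceff7e5752d7d92aa00bbbcd5a36ef4f2d037c285a2d5580",
}


def file_hashes(data: bytes) -> dict[str, str]:
    """Hash file bytes with the algorithms the report lists.
    SSDEEP is omitted on purpose: it needs the third-party ssdeep module."""
    return {algo: hashlib.new(algo, data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def match_known_hashes(observed: dict[str, str],
                       known: dict[str, str] = SAMPLE_HASHES) -> list[str]:
    """Return the algorithms whose digest equals a known-bad digest.
    Comparing every algorithm available guards against feeds that only carry MD5/SHA1."""
    return sorted(algo for algo, digest in observed.items()
                  if algo in known and digest.lower() == known[algo].lower())


# Constructed firewall/EDR network lines (format invented for this example).
LOG_LINES = [
    "2024-11-11T10:02:13Z host=WS-17 proc=stage2.exe src=10.0.5.23:51344 "
    "dst=217.196.96.101:4132 proto=tcp bytes=2081",
    "2024-11-11T10:02:14Z host=WS-17 proc=chrome.exe src=10.0.5.23:51350 "
    "dst=203.0.113.8:443 proto=tcp bytes=5410",
    "2024-11-11T10:05:40Z host=WS-22 proc=svchost.exe src=10.0.5.40:49912 "
    "dst=217.196.96.101:443 proto=tcp bytes=880",
]
CONN_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def find_c2_connections(lines: list[str], c2: tuple[str, int] = REDLINE_C2) -> list[dict]:
    """Flag connections to the C2. An exact ip:port hit is high confidence; the
    same IP on another port is reported separately as 'ip_only', because RedLine
    operators move ports (and hosts) between builds and the port alone is brittle."""
    ip, port = c2
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m or m["ip"] != ip:
            continue
        hits.append({"line": line,
                     "match": "exact" if int(m["port"]) == port else "ip_only"})
    return hits


if __name__ == "__main__":
    for hit in find_c2_connections(LOG_LINES):
        print(hit["match"], hit["line"])
    # A file that is not the sample matches nothing.
    print(match_known_hashes(file_hashes(b"not the sample")))
```

Treat the ip_only hit as a pivot point rather than a verdict: check what else that host did around the same time (the behavioural indicators in the Targets section are the obvious next thing to look for).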

Targets

    • Target

      fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd

    • Size

      481KB

    • MD5

      27fa3487181a83f3d50518512e8e6cb9

    • SHA1

      56833aa68a5e1249ef0d488fdc94df2fb644bf69

    • SHA256

      fda75ccf39376767255d2ebdf62bde9d5ec283a0f1ce9b9f3d642c706682c2fd

    • SHA512

      68aaa56756c5179729c8042d5d498ca61e146309d65300b361295ae0b23c60b116a769cc12efa308ceff7e5752d7d92aa00bbbcd5a36ef4f2d037c285a2d5580

    • SSDEEP

      12288:IMrBy90W3gE8zi8peNb7vggs9Keefm0UWauB:ZyFC2YefmrWauB

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
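The three behavioural signatures above (Defender real-time protection modified, a dropped EXE executed, a Run key added) map directly onto host telemetry. The script below is an added example, not part of the sandbox report: it runs three rules over constructed Sysmon-style events (event IDs 1, 11 and 13). The host paths, SID and file names are invented for illustration, and the ATT&CK technique IDs (T1562.001, T1547.001) are this example's own mapping; the report's MITRE section lists none.

```python
"""Behavioural detection for the indicators in this report: Defender real-time
protection tampering, execution of a dropped EXE, and Run-key persistence.

Added example, not part of the sandbox report. EVENTS below are constructed
Sysmon-style records; paths, SID and file names are invented."""

# Sysmon event IDs used here: 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryEvent (value set).
PROCESS_CREATE, FILE_CREATE, REG_SET = 1, 11, 13

# Keys (lower-cased, no trailing backslash) under which Defender real-time protection is configured.
DEFENDER_RTP_KEYS = {
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
}
# Value names whose DWORD 1 switches a protection component off.
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disableioavprotection", "disablescanonrealtimeenable",
}
AUTORUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")
# Directories a dropper can write without elevation (list chosen for this example).
USER_WRITABLE = (r"\appdata\local\temp", r"\appdata\roaming", r"\users\public", r"\programdata")


def split_reg_target(target: str) -> tuple[str, str]:
    """Split a Sysmon TargetObject into (key, value name), both lower-cased."""
    key, _, value_name = target.lower().rpartition("\\")
    return key, value_name


def detect(events: list[dict]) -> list[dict]:
    """Run the rules over an ordered event stream and return findings.
    Technique IDs are this example's ATT&CK mapping, not taken from the report."""
    findings = []
    dropped = set()  # lower-cased EXE paths written to user-writable dirs during the trace
    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "").lower()
        if eid == FILE_CREATE:
            path = ev["TargetFilename"].lower()
            if path.endswith(".exe") and any(d in path for d in USER_WRITABLE):
                dropped.add(path)
        elif eid == PROCESS_CREATE:
            # "Executes dropped EXE": the new process image was written earlier in this trace.
            if image in dropped:
                findings.append({"rule": "dropped_exe_executed", "technique": None,
                                 "image": image, "parent": ev.get("ParentImage", "")})
        elif eid == REG_SET:
            key, value_name = split_reg_target(ev["TargetObject"])
            details = ev.get("Details", "").lower()
            if (key in DEFENDER_RTP_KEYS and value_name in DEFENDER_DISABLE_VALUES
                    and "0x00000001" in details):
                findings.append({"rule": "defender_rtp_disabled", "technique": "T1562.001",
                                 "image": image, "value": value_name})
            elif key.endswith(AUTORUN_KEY_SUFFIXES):
                # Run keys are noisy on their own; record whether the registering
                # image lives in a user-writable directory to help triage.
                findings.append({"rule": "run_key_persistence", "technique": "T1547.001",
                                 "image": image, "entry": value_name,
                                 "command": ev.get("Details", ""),
                                 "suspicious": any(d in image for d in USER_WRITABLE)})
    return findings


STAGE2 = r"C:\Users\victim\AppData\Local\Temp\IXP000.TMP\stage2.exe"  # constructed path
EVENTS = [
    {"EventID": FILE_CREATE, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "TargetFilename": STAGE2},
    {"EventID": PROCESS_CREATE, "Image": STAGE2,
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    {"EventID": REG_SET, "Image": STAGE2,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Sysmon reports user hives as HKU\<SID>, not HKCU.
    {"EventID": REG_SET, "Image": STAGE2,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\updater.exe"},
    # Noise that must not fire: an unrelated vendor value, and Defender being re-enabled (0).
    {"EventID": REG_SET, "Image": r"C:\Program Files\Vendor\App\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Vendor\App\Version", "Details": "1.2.3"},
    {"EventID": REG_SET, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```

The value check deliberately requires DWORD 1: a policy refresh writing DisableRealtimeMonitoring back to 0 is the remediation, not the attack, and a rule that fires on any write to that key will drown in GPO noise. Note also that the Defender policy key is under HKLM, so a write there implies the dropper already ran with administrative rights; that is worth stating in the incident timeline.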

MITRE ATT&CK Enterprise v15

Tasks