General

  • Target

    b4d8a25c71d4f47121911e7c8390a73b70f72389a0503f61f534bc21313e5f0bN.exe

  • Size

    562KB

  • Sample

    241111-ghj8savbpd

  • MD5

    773241521cb0fdd9efb5cf663b6b8bc1

  • SHA1

    bd1a7aa64dfff8144719fbf3baad05da75771a8f

  • SHA256

    e52a3800fc033220756c700818d8fbe8d1aa9dc0e29afd90901f04e54e9a4ea2

  • SHA512

    06148d2270c9279f8c80004dd5330108a9b442668d8b89386b789ee09f9231c8ad2c1d768612f6f7bcf02a46c85aa167888b2396798ef561fd38895c39e7f811

  • SSDEEP

    12288:rMriy90lSZ6//nyXP9jGe3gfIXrN33wqi:Fy8l/yXBGCgwXdi

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      b4d8a25c71d4f47121911e7c8390a73b70f72389a0503f61f534bc21313e5f0bN.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks