General

  • Target

    18d6d1dccb443cc7bde7285e9f1cdf130d8e24de7e734331fcc0071e2bcc6b42

  • Size

    525KB

  • Sample

    241111-gln15stgqp

  • MD5

    c3a05fa2c254b0c4f235bb5a9dd0fd11

  • SHA1

    913ec8e5045cd1c8debb036b236c53fb77028f77

  • SHA256

    18d6d1dccb443cc7bde7285e9f1cdf130d8e24de7e734331fcc0071e2bcc6b42

  • SHA512

    c4b24da09a86fbfa223397e146df43a71df3c81948943e944059cae8087a90339ee6c4f417f6f6c15edaa68a51816bbb498635bd448165ab64662080c6e7232c

  • SSDEEP

    12288:VMrWy90h+Oea7Vyp8klt8eKVy2fch2C7hVPJX7JP2cc:Dyu+OTZyp8kj8eqyT5XlP2cc

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40
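The extracted config above gives two indicator types worth operationalising: the file hashes in the General section and the C2 endpoint. The following is an added example (not part of the sandbox report or of any vendor tooling) that turns those indicators into a small matcher: it validates and splits the C2 string, computes the same four digests the report lists over arbitrary bytes, and flags flows to the C2 in a constructed, whitespace-separated connection log. The log layout and the sample records are constructed for illustration and are not a real tool's format; the hashes and the C2 come from the report.

```python
"""IOC matcher built from the indicators in this report.

Added example, not part of the sandbox report. The hashes and C2 below
come from the report; the connection records are constructed.
"""
import hashlib
import ipaddress

# Indicators taken from the report (General / Malware Config sections).
FILE_HASHES = {
    "md5": "c3a05fa2c254b0c4f235bb5a9dd0fd11",
    "sha1": "913ec8e5045cd1c8debb036b236c53fb77028f77",
    "sha256": "18d6d1dccb443cc7bde7285e9f1cdf130d8e24de7e734331fcc0071e2bcc6b42",
    "sha512": "c4b24da09a86fbfa223397e146df43a71df3c81948943e944059cae8087a90339"
              "ee6c4f417f6f6c15edaa68a51816bbb498635bd448165ab64662080c6e7232c",
}
C2 = "193.233.20.27:4123"


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' and validate both halves; raises ValueError on garbage."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError if host is not an IP literal
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port {port}")
    return host, port_num


def hash_file_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for comparison."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding report hash.

    All four are compared so the check still works when a feed carries
    only one of them; one match suffices since they describe one file.
    """
    digests = hash_file_bytes(data)
    return any(digests[n] == FILE_HASHES[n] for n in FILE_HASHES)


def scan_conn_log(lines: list) -> list:
    """Flag flows to the RedLine C2 in whitespace-separated conn records.

    Assumed record layout (constructed for this example, not a real tool's
    format): <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>
    """
    c2_host, c2_port = parse_c2(C2)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 6:
            continue  # malformed record: skip rather than crash the scan
        ts, src_ip, src_port, dst_ip, dst_port, proto = parts[:6]
        if dst_ip == c2_host and dst_port.isdigit() and int(dst_port) == c2_port:
            hits.append({"ts": ts, "src": f"{src_ip}:{src_port}", "proto": proto})
    return hits


# Constructed sample records (not from the report). Only the second one
# is a C2 contact; the third hits the C2 host on a different port.
SAMPLE_LOG = [
    "2024-11-11T10:00:01Z 10.0.0.5 49152 142.250.74.78 443 tcp",
    "2024-11-11T10:00:07Z 10.0.0.5 49153 193.233.20.27 4123 tcp",
    "2024-11-11T10:00:09Z 10.0.0.9 51000 193.233.20.27 80 tcp",
    "garbage line",
]

if __name__ == "__main__":
    print("C2:", parse_c2(C2))
    print("sample bytes match report hashes:", matches_sample(b"not the sample"))
    for hit in scan_conn_log(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Matching only host and port is deliberate: RedLine C2 traffic on a non-standard port like 4123 is not reliably identifiable by protocol, so the host:port pair from the extracted config is the indicator to block and alert on, and the port-80 flow to the same host is reported separately if you widen the check to host only.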

Targets

    • Target

      18d6d1dccb443cc7bde7285e9f1cdf130d8e24de7e734331fcc0071e2bcc6b42

    • Size

      525KB

    • MD5

      c3a05fa2c254b0c4f235bb5a9dd0fd11

    • SHA1

      913ec8e5045cd1c8debb036b236c53fb77028f77

    • SHA256

      18d6d1dccb443cc7bde7285e9f1cdf130d8e24de7e734331fcc0071e2bcc6b42

    • SHA512

      c4b24da09a86fbfa223397e146df43a71df3c81948943e944059cae8087a90339ee6c4f417f6f6c15edaa68a51816bbb498635bd448165ab64662080c6e7232c

    • SSDEEP

      12288:VMrWy90h+Oea7Vyp8klt8eKVy2fch2C7hVPJX7JP2cc:Dyu+OTZyp8kj8eqyT5XlP2cc

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
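Two of the signatures above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", map directly onto registry writes that an endpoint sensor records. The following is an added example (not from the report, and not a real sensor's rule syntax) that classifies registry value-set events for those two behaviours. The event records are constructed in a simplified key="value" form modelled loosely on Sysmon Event ID 13 fields (Image, TargetObject, Details); the process and file names in them are invented for illustration.

```python
"""Host-side classification of the two registry behaviours the report flags.

Added example, not part of the sandbox report. Event records below are
constructed in a simplified key="value" shape, not a real EVTX/Sysmon
serialisation; field names mirror Sysmon's registry events.
"""
import re

# Autostart locations behind "Adds Run key to start application".
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
# Values behind "Modifies Windows Defender Real-time Protection settings";
# matches both the Policies and non-Policies hives.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableIOAVProtection|DisableOnAccessProtection)$",
    re.IGNORECASE,
)


def parse_event(line: str) -> dict:
    """Turn 'Key="value" Key="value" ...' into a dict (values may hold spaces)."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def classify_registry_event(ev: dict) -> str:
    """Return a verdict label for one registry value-set event, or None."""
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "").strip()
    # Only a value of 1 disables the protection; a write of 0 re-enables it.
    disabled = details == "1" or details.lower().endswith("(0x00000001)")
    if DEFENDER_RTP_RE.search(target) and disabled:
        return "defender_rtp_disabled"
    if RUN_KEY_RE.search(target):
        return "run_key_persistence"
    return None


def scan_events(lines: list) -> list:
    """Classify every registry value-set (EventID 13) record in `lines`."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":
            continue  # not a registry value-set event
        verdict = classify_registry_event(ev)
        if verdict:
            findings.append((verdict, ev.get("Image"), ev.get("TargetObject")))
    return findings


# Constructed sample events (file names and SID are invented).
SAMPLE_EVENTS = [
    r'EventID="13" Image="C:\Users\victim\AppData\Local\Temp\dropper.exe" '
    r'TargetObject="HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" '
    r'Details="DWORD (0x00000001)"',
    r'EventID="13" Image="C:\Users\victim\AppData\Local\Temp\dropper.exe" '
    r'TargetObject="HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater" '
    r'Details="C:\Users\victim\AppData\Roaming\updater.exe"',
    r'EventID="13" Image="C:\Windows\explorer.exe" '
    r'TargetObject="HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden" '
    r'Details="DWORD (0x00000002)"',
    r'EventID="1" Image="C:\Users\victim\AppData\Local\Temp\dropper.exe" CommandLine="dropper.exe"',
    r'EventID="13" Image="C:\Program Files\Windows Defender\MsMpEng.exe" '
    r'TargetObject="HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring" '
    r'Details="DWORD (0x00000000)"',
]

if __name__ == "__main__":
    for verdict, image, target in scan_events(SAMPLE_EVENTS):
        print(f"{verdict}: {image} -> {target}")
```

The Defender check keys on the written value, not just the path: the last sample record writes 0 to the same value and is correctly ignored, which is the difference between "touched a Defender setting" and "disabled real-time protection". In production the Image field should additionally be compared against the dropped-EXE path from the sandbox run, since legitimate management tooling also writes both locations.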

MITRE ATT&CK Enterprise v15

Tasks