General

  • Target

    d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf

  • Size

    668KB

  • Sample

    241111-gvgcnavdjg

  • MD5

    21c3baebed5e6609858061388282fd29

  • SHA1

    503839b6c186b31f98654872e3929356e11ca612

  • SHA256

    d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf

  • SHA512

    f25055620892b20a681564072aa1d9f9087770453afb7e5b2b4435ff935eb2bffcb6be4ac9f9387205d68dc0918a3006bee184e555e514142c3ecf045c22c486

  • SSDEEP

    12288:tMrqy90bJ6apxaCheAEfxNhsyf2cuMTnUXAFwyNFrf9K4EH4zJ34iygw:DyJapxxheAEzi89oXCwyNF79K/Ihe

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes

  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Targets

    • Target

      d07f0497348268163a58078e24ee750697fcad6d8d85487dd274a6c94a5e9fdf

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks