General

  • Target

    b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84

  • Size

    569KB

  • Sample

    241111-mv59nsybpm

  • MD5

    7a472d1ea9d536bac06814998872ac79

  • SHA1

    f3742bb745286ea0edd757e078c59ffe2be16384

  • SHA256

    b329f0fda98d1ce2fd4748e699fb0d347272f41bd002a84ddb57a83f4e5c5b84

  • SHA512

    78615c778a644f6c5989d748753dc75b6c0e96eaff0c2c8753090fea5f31c73622aceffed0b07bbcb83354d73460c4461c065724c5e0bdd7de6c6f54839a8373

  • SSDEEP

    12288:1Mr8y90mahimz7AuxqVufv2t1GWFb2jSrIhc8V5b:ZyHsVAuxYufvcbgjS8e83

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks