General

  • Target

    1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c

  • Size

    570KB

  • Sample

    241112-yx7q3atlam

  • MD5

    50e4b16a1e346595ca01d9a6fcecac7c

  • SHA1

    602b5caaab64c5e25d545cb10a243d258b9028bb

  • SHA256

    1c76e2062236bac7537f2b9b4544e79a10b4d6ef3739da4e237406fd5104f85c

  • SHA512

    dd7f3d46f8c0156b5d856a5478dda42852a713ce862367b4c80ec042c871e818699ff3edda58f669c4a9bf174042a628e85577c5b7c58c995c3ad2ac666209e0

  • SSDEEP

    12288:7Mrxy90dahimz7AuxqV2KnxfUEQBOMel19QdS2QPeY1:myEsVAuxYfnq7UMgsdSzPt

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fud

  • C2

    193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks