General

  • Target

    4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294N.exe

  • Size

    411KB

  • Sample

    241113-rvyl2stdkb

  • MD5

    b613a44fe3110db50bd7006dbf785a10

  • SHA1

    7f6f853ecea4a40305389e3b901c48665a65be0e

  • SHA256

    4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294

  • SHA512

    f003700c780a040f350e30653754a4725ff155fecc8f1b31222e3450c6e0138cf3b69bd06c8353d264a7566f400fafeee7cbeec7b98cd5360cbbb362429a72b9

  • SSDEEP

    6144:Kgy+bnr+Ip0yN90QEYFVmkPoMT4nQ+dAMwPNDCg7Gc/aeqMDpe3j:IMrMy90odW9drwtH7GcCelD8

Malware Config

Extracted

Family

redline

Botnet

ruzhpe

C2

pepunn.com:4162

Attributes
  • auth_value

    f735ced96ae8d01d0bd1d514240e54e0

Targets

    • Target

      4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294N.exe

    • Size

      411KB

    • MD5

      b613a44fe3110db50bd7006dbf785a10

    • SHA1

      7f6f853ecea4a40305389e3b901c48665a65be0e

    • SHA256

      4f4734f2e85e0fd2e0896c97a379fe20c06dcd08e2db15b89b2ed82ebd0c8294

    • SHA512

      f003700c780a040f350e30653754a4725ff155fecc8f1b31222e3450c6e0138cf3b69bd06c8353d264a7566f400fafeee7cbeec7b98cd5360cbbb362429a72b9

    • SSDEEP

      6144:Kgy+bnr+Ip0yN90QEYFVmkPoMT4nQ+dAMwPNDCg7Gc/aeqMDpe3j:IMrMy90odW9drwtH7GcCelD8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks