General

  • Target

    39ae38f243458e817a0693bc2d404ee6154c0cb2d2ea8a6ca97296c5d303d512.exe

  • Size

    387KB

  • Sample

    241113-zm678ayhpj

  • MD5

    1b8e7626b1aa193ab067052400fa6960

  • SHA1

    12be6bc25e0cd640488e7903666d3d75301b78a6

  • SHA256

    39ae38f243458e817a0693bc2d404ee6154c0cb2d2ea8a6ca97296c5d303d512

  • SHA512

    802696213821acf8adcb7e2e3865a58d395934cd947f64d76728fc040224f793906854cc7f327c87542fd28fc9dc0cff84b04a5b106d4643aee92deaa63c4c8d

  • SSDEEP

    12288:PMr2y90odZQW/1NOjZF37ZBWWHECpc9ur/3:9yJu+NOjZF37HpzIy/3

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes
  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Target

      39ae38f243458e817a0693bc2d404ee6154c0cb2d2ea8a6ca97296c5d303d512.exe

    • Size

      387KB

    • MD5

      1b8e7626b1aa193ab067052400fa6960

    • SHA1

      12be6bc25e0cd640488e7903666d3d75301b78a6

    • SHA256

      39ae38f243458e817a0693bc2d404ee6154c0cb2d2ea8a6ca97296c5d303d512

    • SHA512

      802696213821acf8adcb7e2e3865a58d395934cd947f64d76728fc040224f793906854cc7f327c87542fd28fc9dc0cff84b04a5b106d4643aee92deaa63c4c8d

    • SSDEEP

      12288:PMr2y90odZQW/1NOjZF37ZBWWHECpc9ur/3:9yJu+NOjZF37HpzIy/3

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
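Added example (not part of the sandbox report and not the malware's own code): Python hunting logic that replays the behaviours and indicators listed above against a constructed, Sysmon-style event stream. Only the C2 address and port, the sample's SHA256 and the behaviour names come from this report. The registry paths checked for the Defender and Run-key behaviours, the event field names, the file paths in the sample events and the ATT&CK IDs are my assumptions about how these behaviours typically appear in endpoint telemetry, not something the report states about this sample.

```python
"""Added hunting example for the behaviours in this report (not the report's or
the malware's code). The events at the bottom are constructed, Sysmon-style records."""
import re
from dataclasses import dataclass

# Indicators taken from the extracted config and the General section of the report.
C2_HOST, C2_PORT = "193.233.20.27", 4123
SAMPLE_SHA256 = "39ae38f243458e817a0693bc2d404ee6154c0cb2d2ea8a6ca97296c5d303d512"

# Assumed registry locations for two listed behaviours; the report names the behaviours
# ("Modifies Windows Defender Real-time Protection settings", "Adds Run key to start
# application") but not the exact keys this sample touches.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|"
    r"DisableOnAccessProtection|DisableIOAVProtection)$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)

# ATT&CK Enterprise IDs for the two registry behaviours (my mapping, not the report's).
ATTACK = {"defender_rtp_disabled": "T1562.001", "run_key_persistence": "T1547.001"}


@dataclass
class Finding:
    event_index: int
    rule: str
    detail: str
    attack_id: str = ""


def hunt(events):
    """Return one Finding per matched event, in stream order.
    'executes_dropped_exe' is a correlation: a ProcessCreate whose Image was the
    TargetFilename of an earlier FileCreate in the same stream."""
    dropped = set()
    findings = []
    for i, ev in enumerate(events):
        kind = ev.get("EventType")
        image = ev.get("Image", "")
        if kind == "FileCreate":
            if ev.get("TargetFilename", "").lower().endswith(".exe"):
                dropped.add(ev["TargetFilename"].lower())
        elif kind == "ProcessCreate":
            if ev.get("SHA256", "").lower() == SAMPLE_SHA256:
                findings.append(Finding(i, "known_sample_hash", image))
            if image.lower() in dropped:
                findings.append(Finding(i, "executes_dropped_exe",
                                        f"{ev.get('ParentImage')} -> {image}"))
        elif kind == "RegistrySet":
            target = ev.get("TargetObject", "")
            details = str(ev.get("Details", "")).strip().lower()
            # Only a value of 1 disables the protection; a reset to 0 is not a hit.
            if DEFENDER_RTP_RE.search(target) and details in {"dword (0x00000001)", "1"}:
                findings.append(Finding(i, "defender_rtp_disabled", target,
                                        ATTACK["defender_rtp_disabled"]))
            elif RUN_KEY_RE.search(target):
                findings.append(Finding(i, "run_key_persistence",
                                        f"{target} = {ev.get('Details')}",
                                        ATTACK["run_key_persistence"]))
        elif kind == "NetworkConnect":
            if (ev.get("DestinationIp") == C2_HOST
                    and int(ev.get("DestinationPort", 0)) == C2_PORT):
                findings.append(Finding(i, "redline_c2", f"{image} -> {C2_HOST}:{C2_PORT}"))
    return findings


# Constructed paths for the sample events (assumptions, not from the report).
SAMPLE = r"C:\Users\user\Desktop\39ae38f243458e817a0693bc2d404ee6154c0cb2d2ea8a6ca97296c5d303d512.exe"
DROP = r"C:\Users\user\AppData\Local\Temp\1a2b3c.exe"

# Constructed event stream (not real telemetry): the listed behaviours plus two benign events.
SAMPLE_EVENTS = [
    {"EventType": "ProcessCreate", "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe",
     "SHA256": SAMPLE_SHA256},
    {"EventType": "FileCreate", "Image": SAMPLE, "TargetFilename": DROP},
    {"EventType": "ProcessCreate", "Image": DROP, "ParentImage": SAMPLE, "SHA256": "0" * 64},
    {"EventType": "RegistrySet", "Image": DROP,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "RegistrySet", "Image": SAMPLE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": DROP},
    {"EventType": "NetworkConnect", "Image": SAMPLE,
     "DestinationIp": C2_HOST, "DestinationPort": "4123"},
    {"EventType": "NetworkConnect", "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
    {"EventType": "RegistrySet", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"event[{f.event_index}] {f.rule:22} {f.attack_id:10} {f.detail}")
```

Run as-is, the script reports five findings against the constructed stream (the known hash, the dropped-EXE execution, the Defender tamper, the Run-key persistence and the C2 connection) and nothing for the two benign events. Against real telemetry, the hash and C2 rules are the brittle ones: a repacked sample changes the SHA256 and the botnet operator can rotate the IP or port, while the registry and dropped-EXE correlations describe the behaviour itself and survive both.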

MITRE ATT&CK Enterprise v15

Tasks