General

  • Target

    2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01

  • Size

    560KB

  • Sample

    241113-zpf4tayjgy

  • MD5

    09e1d0fa3af180dec0c9ea62a6b95a40

  • SHA1

    faeeb39c727f89be9cb12ce74f55e3ada8e92b49

  • SHA256

    2e1df4e79d32c0a903c858a262b1074e90a52a63defd0da71ec18e8c0cb0fa01

  • SHA512

    0489aa001d46fcd781083c23dbf20df6ac6bcafcc13f33a1f1a3f41f562ac0304fedecab1aa405e3cc6839bf23de0333e3c50f01e21d8a5e0846e0a0148a00c2

  • SSDEEP

    12288:OMrNy90YZFuSpCo0ZFCk6qu8AOKqMdg3kq02Vm69jhT3DUhYg:PyXRpCNvCk6qgJNgJ02b9FTzUh9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fud

  • C2

    193.233.20.27:4123

  • Attributes

    auth_value: cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks