General

  • Target

    5bdb092a5b9ec2390cb8e65666da2ebf3ee01ef0f5a84c97fb76b8afe99323f0.exe

  • Size

    415KB

  • Sample

    241113-ztr2waslhm

  • MD5

    ce5734cddcdd3e70dd2b65db9300a06b

  • SHA1

    859a775ae02e561690c5a2b79e1295e59128c4b8

  • SHA256

    5bdb092a5b9ec2390cb8e65666da2ebf3ee01ef0f5a84c97fb76b8afe99323f0

  • SHA512

    684623c4b9645f7d085aa878d1911be5ab758d10c406aa5867818817e6631f9e36438c296fec054aaafb19931b35cd4532fbc2124d780898d57be9b7d8b0f0fa

  • SSDEEP

    6144:KRy+bnr+Pp0yN90QEi24x3bpR8b+BF5pwAGKFx/Sb+dlrlEY5Ty1knXs21:bMrDy90YJx1m8FnVGKT/Ew0U26c21

Malware Config

Extracted

Family

redline

Botnet

fud

C2

193.233.20.27:4123

Attributes

  • auth_value

    cddc991efd6918ad5321d80dac884b40

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks