General

  • Target

    12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbbaN.exe

  • Size

    374KB

  • Sample

    241118-k68ststbkg

  • MD5

    63dd96ddc054ce0c2606ac290a2aab50

  • SHA1

    dea7036160a3d35612bef6e512700bd63e08e5bd

  • SHA256

    12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbba

  • SHA512

    d2373ee639ba7532f46c1559f060246d32f394a9cbff0406575de073ca5e762c3f8f697537a811cdbd5675c84fcb22c7929f7214ea46def9220a3f92a3058b97

  • SSDEEP

    6144:KEy+bnr+/p0yN90QEgAjksXsGBhwj2Uv/8nbkvgbT+MFDJBU1qXMAX:UMrry90zksF6fv09b7DLb

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • Target

      12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbbaN.exe

    • Size

      374KB

    • MD5

      63dd96ddc054ce0c2606ac290a2aab50

    • SHA1

      dea7036160a3d35612bef6e512700bd63e08e5bd

    • SHA256

      12f1806859a61a7029a989d2f88de92dda347ac4b7270d488c25d6bfff97dbba

    • SHA512

      d2373ee639ba7532f46c1559f060246d32f394a9cbff0406575de073ca5e762c3f8f697537a811cdbd5675c84fcb22c7929f7214ea46def9220a3f92a3058b97

    • SSDEEP

      6144:KEy+bnr+/p0yN90QEgAjksXsGBhwj2Uv/8nbkvgbT+MFDJBU1qXMAX:UMrry90zksF6fv09b7DLb

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks