Overview

overview

10

Static

static

3

urdG51OK22.exe

windows7-x64

10

urdG51OK22.exe

windows10-2004-x64

10

wrhf66hI61.exe

windows7-x64

10

wrhf66hI61.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19e29c4408e7734cffd36f254a83fbb5463d65d651dfdcd52f74a129a69f3036N.cab

  • Size

    360KB

  • Sample

    241211-hfyh3a1ng1

  • MD5

    6cc213e3b0fe3a95f58883272f07fb30

  • SHA1

    5d3c974fa8ec88dfd6e5fa92aed569bbedaee9ff

  • SHA256

    19e29c4408e7734cffd36f254a83fbb5463d65d651dfdcd52f74a129a69f3036

  • SHA512

    49c2eca8d72636d343d5d4de6d52ef9dc0660496f7f61df4c88da5d442f35b201cceda00ed5aa3bdebc8ac56797260d558e48912377c2ed68872a4bc09b254fc

  • SSDEEP

    6144:2OFmelWCD6R2mCDHMDO7oNPSfyC4NfQHNrCbHMNBCL9VBrkknlnwfo5womNFk3h8:5QYkYmuMiUNjC4hQHys2WklnwfoiomHD

Score
10/10
healerredlinerostodiscoverydropperevasioninfostealertrojan

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      urdG51OK22.exe

    • Size

      231KB

    • MD5

      5fe359d97529c2e4ad1b8de89d19860e

    • SHA1

      d93e28ad930cdfaac6452143e04d68c707a9319a

    • SHA256

      6d9bb6b2fcbb222d16c5c19a9e62a84b0505e48009e257d076e5adde6f7107cc

    • SHA512

      6727cf4ff8d4fef4915f15bcb9787fcd968cfdd08ca749c7eb9a989ab63f8d55c1f6599e6e784679eb29d466094cd7c39f05badc53f80b952864d1c56eef5190

    • SSDEEP

      6144:QrxSPTs6R2mCDHMDz7oNPSfn7tdS6Jyy5B3dJj:QlCTlYmuMnUN87tdS6QO3Dj

    Score
    10/10
    healerdiscoverydropperevasiontrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Healer family

      healer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Windows security modification

      evasiontrojan
    behavioral1behavioral2

    • Target

      wrhf66hI61.exe

    • Size

      290KB

    • MD5

      8fee42f989bab807a7e66858ba5fe89d

    • SHA1

      2f0c74aba0b54d351ac033248a718fa08edbfd91

    • SHA256

      0b8c7c56907917d4b837cb95e0f7f47223d4457ddddd5986922cd7e3d61d70e5

    • SHA512

      d4e1289b7bd0255a74eb8b85b552326ef288d45a9c69188a70215ecba62c984ecdb2ebb8ded103a699d109bf6d82ade212ed7c3dda8e04e780a79593cc3f6926

    • SSDEEP

      6144:og4xXooJCL9VLrkknlnwfo5wo+Nc3heJACEWdYCPoj:ogu4o0oklnwfoio+UwACEWdYlj

    Score
    10/10
    redlinerostodiscoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Redline family

      redline
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks