General

  • Target

    02d8b605e823a200fe80745ac4cb2ba259fe88fe84f5c2f3ff29c41bb2f92e9a

  • Size

    685KB

  • Sample

    241028-23s2mszbrq

  • MD5

    fe2aa7d49ad1caae2397a1c36a599e0b

  • SHA1

    f0d8919562c7be80d2fcd999298e6093fd6bce80

  • SHA256

    02d8b605e823a200fe80745ac4cb2ba259fe88fe84f5c2f3ff29c41bb2f92e9a

  • SHA512

    d12b6538cd60747072f2daae64b0a389a3d4d9fba86e8fb83460d1f9e2e94c83f2546c086c28060b1b2e7d0b5184ac108fddf5310c343b23dc2dd7fec7173372

  • SSDEEP

    12288:AMr4y90rfFPxMfwjy4kY7eZHeJSZWZ5E8WcMmYZTvfKe1GGwwgLj/y:oy6ftnjybYaoP5E8BYRfn1GGwB/y

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
