General

  • Target

    93ec3d9dbde54019edcdc0040641d95e193e0e672579fbeecbdb99e1ae7db8f0

  • Size

    538KB

  • Sample

    241030-1wq32asclp

  • MD5

    0746b3583a25774e62b81755942afb02

  • SHA1

    8fecfe529d7fa7faff2bd77b7dd52b21d4a5bfff

  • SHA256

    93ec3d9dbde54019edcdc0040641d95e193e0e672579fbeecbdb99e1ae7db8f0

  • SHA512

    213dd8614db383269624ffd2d588fd770553e8e4854fc261b09778ccb997456dfa351b32c731a692e05c409c1c04c1530cb9c623808d268af8f80c875c0c7498

  • SSDEEP

    12288:bMrGy90Vb9S+ZhEhQrWZi9azYix+I4+d6o7gDM7eoAW:hy2TZhE/iQzYy3oCCO

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks