General

  • Target

    59ec8e827ea3b1d9575a626d83cdffc3f45e1b13f3492e41487fd9d8c958981b

  • Size

    546KB

  • Sample

    241104-12grjs1kdj

  • MD5

    122d2861a7baa26c0dea20eb22d84a06

  • SHA1

    58cded35f0638ea502d09ece6c3e6c9fc5a2b1c2

  • SHA256

    59ec8e827ea3b1d9575a626d83cdffc3f45e1b13f3492e41487fd9d8c958981b

  • SHA512

    86ec20eb3afce2fd4600ae92e6122ea3f907ba3d8b57cdbd94cc63f9a8727af5cfabaa0d1381ef1fbe5cc9f9f8c229044111a5df77ff5964c7a25d226092a755

  • SSDEEP

    12288:CMrcy902povBfu0lzQjVng2wC+ztXwL7lqTGCREK1e:iytSJfdlAbOWITGvz

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      59ec8e827ea3b1d9575a626d83cdffc3f45e1b13f3492e41487fd9d8c958981b

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks