General

  • Target

    274dbd160c52099b971d7de3d1ffb6ade75774e385d50e817bfb704c05ac8e2a

  • Size

    687KB

  • Sample

    241104-qbr5gszhmn

  • MD5

    f7087c0a042e4fb42e7a6d3192f31a2a

  • SHA1

    5661cb48aa55e07ca7d1e260f4b8e398c19db45a

  • SHA256

    274dbd160c52099b971d7de3d1ffb6ade75774e385d50e817bfb704c05ac8e2a

  • SHA512

    345ff6275064daea7425cbaeb6f3af449df1145b91aa035907dc6628aad9ad25fccc103faa70a929ec140bb2b177860966a445d60a014f30e368f8cff687c79f

  • SSDEEP

    12288:mMr0y903lzpxDKApG5ER7yErabo0av0bqKsHTJwkask:Oyk9DFpGsgbDBbSwk/k

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      274dbd160c52099b971d7de3d1ffb6ade75774e385d50e817bfb704c05ac8e2a

    • Size

      687KB

    • MD5

      f7087c0a042e4fb42e7a6d3192f31a2a

    • SHA1

      5661cb48aa55e07ca7d1e260f4b8e398c19db45a

    • SHA256

      274dbd160c52099b971d7de3d1ffb6ade75774e385d50e817bfb704c05ac8e2a

    • SHA512

      345ff6275064daea7425cbaeb6f3af449df1145b91aa035907dc6628aad9ad25fccc103faa70a929ec140bb2b177860966a445d60a014f30e368f8cff687c79f

    • SSDEEP

      12288:mMr0y903lzpxDKApG5ER7yErabo0av0bqKsHTJwkask:Oyk9DFpGsgbDBbSwk/k

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
