General

  • Target

    77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f

  • Size

    851KB

  • Sample

    241104-qmryvssqdm

  • MD5

    b5400b3c5afbec5b7ec646aadde072c1

  • SHA1

    4d92db7b95b7edec5b9682728d4356371c985640

  • SHA256

    77fda6047aa2ee062e16f5d64c7d7b400e8e6c57cc52f4a08a1092a802ca119f

  • SHA512

    7e7251693c19422796e44f7c4786c1152bf00f8244bfaf86049801890047407446c46ae392c227157f0629978447e48cfddc75a254ab00b582beebee3ccbca60

  • SSDEEP

    12288:LMrKy90TuBlHc/XwzmOlpDZQB25Na1MWRx3zVXPgewpPGgEwExQkVUt1oEodnihI:JyUQI6pDGsYR7YewBDEwEykVUtH+d

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gena

  • C2

    193.233.20.30:4125

  • Attributes

    • auth_value

      93c20961cb6b06b2d5781c212db6201e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks