General

  • Target

    614a7bc3cc3a78328199db7a3a1afbb2e5259be67d6ec422b0aff8b0d079268c

  • Size

    686KB

  • Sample

    241104-qqzg4ssqgl

  • MD5

    77a66b0ea38c48301dad41a6fa3a817a

  • SHA1

    eddfbca45d81c61db14808c3b46332377e92388e

  • SHA256

    614a7bc3cc3a78328199db7a3a1afbb2e5259be67d6ec422b0aff8b0d079268c

  • SHA512

    07644d2f25542febb07e09e4dc1e19a1d5c9a842ce4a43f8840fd109d6beae2e5baac45c752c2014b0ce1e3b9065ffdf9022cd5c31f18996204d88415bcad20e

  • SSDEEP

    12288:7Mruy90o5arq0rpW9/QgZu1+HzWwkQkjBlFKKtHlMCQT:lyTcrqmW9HlTWwBkjBlowLQT

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks