General

  • Target

    bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1

  • Size

    835KB

  • Sample

    241104-qr6ykszgjb

  • MD5

    2ebaf2f39e4fc390934aa07e7b761522

  • SHA1

    793fd95d12a56258dc31defd5863129265f23073

  • SHA256

    bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1

  • SHA512

    e224e29974aca149ee97db9778282d1ea04faa9aa27fa8a7f91a6c4713965d114367de0605fd058cb3cc739aecab7716f444cde1364c21ca1e8d298ca3b714ae

  • SSDEEP

    12288:WMrny90zwpuVJsldRik/ax4tQlazQnaNKee5hb0Hd3Im9n7O7uJJsVK+Ft+Q1j0d:JyMlJ6le9aN2v0HhIm9n72OsAat10b

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1

    • Size

      835KB

    • MD5

      2ebaf2f39e4fc390934aa07e7b761522

    • SHA1

      793fd95d12a56258dc31defd5863129265f23073

    • SHA256

      bb91cd185fa1995a13afc5a05e3d64f7701372887f75162d74d5da1535e179b1

    • SHA512

      e224e29974aca149ee97db9778282d1ea04faa9aa27fa8a7f91a6c4713965d114367de0605fd058cb3cc739aecab7716f444cde1364c21ca1e8d298ca3b714ae

    • SSDEEP

      12288:WMrny90zwpuVJsldRik/ax4tQlazQnaNKee5hb0Hd3Im9n7O7uJJsVK+Ft+Q1j0d:JyMlJ6le9aN2v0HhIm9n72OsAat10b

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks