General

  • Target

    6ac0a8d732f2987e323f5cd6184738515c24c9c6a97a5fddb22d0cfd8dcb9c75

  • Size

    687KB

  • Sample

    241104-qra6xazkes

  • MD5

    38c08aecf175c465eb78319087c110ea

  • SHA1

    ce6462629b136145040fa39de6d25f7ea246465f

  • SHA256

    6ac0a8d732f2987e323f5cd6184738515c24c9c6a97a5fddb22d0cfd8dcb9c75

  • SHA512

    f544c26d1a356155fe524a27d92cca0b85ef1eb56198876780889594ff09a49d4680bcaec2000fbc6a1be76bdb6829187db259db39f0946fe4e3588ce5b60d18

  • SSDEEP

    12288:8Mrky90EDQrd3Ni3DY+n3ad8U1FxX6bKgrzyscUHNBMmzqkEVLZRfXePe:wydQrd3NH+qd8AcuOtHAoK9XOe

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks