General

  • Target

    14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150

  • Size

    1.0MB

  • Sample

    241104-qs9qvszgkb

  • MD5

    fae4d57cc7d87f74415914001edc5b68

  • SHA1

    bb509c48a27af9323294797cf25eef291a257a6b

  • SHA256

    14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150

  • SHA512

    94e37a98ba13c5076c26df430653159270ac9927019631014067851e18a9553d93f17e2549d4311c4fb7b9da1641dec718ce88158a25c63e937735b2b6d8ccb2

  • SSDEEP

    12288:NMrry90QD3hBd+J9EZx65kgL34SEr0NHHd7eS3qZclysEosOHBA5fbDjTZok6Fh5:CyHDRB8Jax6Sg74bTJBDjFm2blFoZ

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150

    • Size

      1.0MB

    • MD5

      fae4d57cc7d87f74415914001edc5b68

    • SHA1

      bb509c48a27af9323294797cf25eef291a257a6b

    • SHA256

      14b690f25b5f16e7abd8a92e241e2d4ed176b53c1269afd854c3d3bbf6812150

    • SHA512

      94e37a98ba13c5076c26df430653159270ac9927019631014067851e18a9553d93f17e2549d4311c4fb7b9da1641dec718ce88158a25c63e937735b2b6d8ccb2

    • SSDEEP

      12288:NMrry90QD3hBd+J9EZx65kgL34SEr0NHHd7eS3qZclysEosOHBA5fbDjTZok6Fh5:CyHDRB8Jax6Sg74bTJBDjFm2blFoZ

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks