General

  • Target

    4cc81cccbc0ada3e7e413347e2c5a47023219e56f542a72297bca2a731a67395

  • Size

    546KB

  • Sample

    241104-qtcgrazgkc

  • MD5

    94d29aef78ac94942ebfe4901647929c

  • SHA1

    c9909c52e9a26bc7f139aadbd139af26d5193a7b

  • SHA256

    4cc81cccbc0ada3e7e413347e2c5a47023219e56f542a72297bca2a731a67395

  • SHA512

    c52b0026f9c17ac877d109dfd56f43462d8c2ee54ddbbde7f5f5e02977578efc003073791c77e714ccca387d397837020c17a4be4ffd052bbfaf7bdffe7f1c9f

  • SSDEEP

    12288:TMroy90kAf6bC3PypQPyec+JOojst5wLWLgBzqTH/uZTn:byKi4tqEMlskYqTHq

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      4cc81cccbc0ada3e7e413347e2c5a47023219e56f542a72297bca2a731a67395

    • Size

      546KB

    • MD5

      94d29aef78ac94942ebfe4901647929c

    • SHA1

      c9909c52e9a26bc7f139aadbd139af26d5193a7b

    • SHA256

      4cc81cccbc0ada3e7e413347e2c5a47023219e56f542a72297bca2a731a67395

    • SHA512

      c52b0026f9c17ac877d109dfd56f43462d8c2ee54ddbbde7f5f5e02977578efc003073791c77e714ccca387d397837020c17a4be4ffd052bbfaf7bdffe7f1c9f

    • SSDEEP

      12288:TMroy90kAf6bC3PypQPyec+JOojst5wLWLgBzqTH/uZTn:byKi4tqEMlskYqTHq

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
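
The signatures above (known sample hash, Windows Defender real-time protection modification, Run-key persistence, RedLine C2 traffic) as detection logic run over Sysmon-style log lines. This is an added example, not part of the sandbox report and not code from any tool the report describes. The SHA256 and the C2 address 193.233.20.31:4125 are taken from the report; the Defender policy key and the Run key are the standard registry locations those signature names refer to (an assumption, since the report does not list the exact values written); the log lines are constructed for illustration, not captured telemetry.

```python
"""Hunt for the indicators in this sandbox report in Sysmon-style log lines.

Added example, not part of the report. Hash and C2 come from the report;
registry paths are assumed from the signature names; log lines are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators copied from the report.
SAMPLE_SHA256 = "4cc81cccbc0ada3e7e413347e2c5a47023219e56f542a72297bca2a731a67395"
REDLINE_C2 = ("193.233.20.31", 4125)

# Assumed registry locations behind "Modifies Windows Defender Real-time
# Protection settings" and "Adds Run key to start application".
DEFENDER_RTP_KEY = r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed Sysmon-style events (EID 1 process create, 13 registry value
# set, 3 network connection), one per line as "key=value" fields.
SAMPLE_LOG = """\
EID=1 Image=C:\\Users\\victim\\Downloads\\invoice.exe Hashes=SHA256=4cc81cccbc0ada3e7e413347e2c5a47023219e56f542a72297bca2a731a67395
EID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000
EID=13 Image=C:\\Users\\victim\\Downloads\\invoice.exe TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring Details=DWORD (0x00000001)
EID=13 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\healer.exe TargetObject=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater Details=C:\\Users\\victim\\AppData\\Local\\Temp\\healer.exe
EID=3 Image=C:\\Users\\victim\\AppData\\Local\\Temp\\stealer.exe DestinationIp=193.233.20.31 DestinationPort=4125
EID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe DestinationIp=93.184.216.34 DestinationPort=443
"""


@dataclass
class Finding:
    rule: str      # which report signature the event matches
    image: str     # process that produced the event
    evidence: str  # the matched value, for the analyst


def parse_event(line: str) -> dict[str, str]:
    """Split a 'key=value key=value' line; values may contain spaces."""
    fields: dict[str, str] = {}
    for token in re.split(r" (?=[A-Za-z]+=)", line.strip()):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def _strip_hive(target: str) -> str:
    """'HKLM\\SOFTWARE\\...' -> 'SOFTWARE\\...' so hive spelling does not matter."""
    return target.split("\\", 1)[1] if "\\" in target else target


def hunt(log_text: str) -> list[Finding]:
    """Return one Finding per log line that matches a report indicator."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        eid, image = ev.get("EID"), ev.get("Image", "")
        if eid == "1":
            m = re.search(r"SHA256=([0-9a-fA-F]{64})", ev.get("Hashes", ""))
            if m and m.group(1).lower() == SAMPLE_SHA256:
                findings.append(Finding("known_sample_sha256", image, m.group(1)))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            path = _strip_hive(target).lower()
            detail = ev.get("Details", "")
            if path.startswith(DEFENDER_RTP_KEY.lower() + "\\"):
                findings.append(Finding("defender_rtp_modified", image, f"{target} = {detail}"))
            elif path.startswith(RUN_KEY.lower() + "\\"):
                findings.append(Finding("run_key_persistence", image, f"{target} = {detail}"))
        elif eid == "3":
            dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", "0")))
            if dst == REDLINE_C2:
                findings.append(Finding("redline_c2_connection", image, f"{dst[0]}:{dst[1]}"))
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"[{f.rule}] {f.image}: {f.evidence}")
```

Hive names are stripped before matching so HKLM/HKCU spelling differences do not matter; swap SAMPLE_LOG for real Sysmon exports rendered in the same key=value form to run it against live data.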

MITRE ATT&CK Enterprise v15

Tasks