General

  • Target

    9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7

  • Size

    821KB

  • Sample

    241104-qtdptazkgv

  • MD5

    2ec0cc03412324be47c5d88d97133451

  • SHA1

    6506cf125e9a8b56e79c4a950fd331c02e05656b

  • SHA256

    9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7

  • SHA512

    0e658596d8e1a96be9c408c1960967ee71516ce10d689da6c7dd9f825ad8d5820f6a301e77841be55bb955b910067a7e7db153197cc0710e1cccb0a0466bdaeb

  • SSDEEP

    12288:MMrdy90H7ChlUGmtI29aWAnhJqZwuP5ixn8/2uZivep2jgZo4TrB02Fl5r7t:JysGt2oGwuP5iFOZWe2cZo4fB0oP7t

Malware Config

Extracted

Family

redline

Botnet

dubna

C2

193.233.20.11:4131

Attributes

  • auth_value

    f324b1269094b7462e56bab025f032f4

Targets

    • Target

      9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7

    • Size

      821KB

    • MD5

      2ec0cc03412324be47c5d88d97133451

    • SHA1

      6506cf125e9a8b56e79c4a950fd331c02e05656b

    • SHA256

      9af4825cb7e0c49d9bd032faabb0568f924303ad5dff05e94399e2137eb811d7

    • SHA512

      0e658596d8e1a96be9c408c1960967ee71516ce10d689da6c7dd9f825ad8d5820f6a301e77841be55bb955b910067a7e7db153197cc0710e1cccb0a0466bdaeb

    • SSDEEP

      12288:MMrdy90H7ChlUGmtI29aWAnhJqZwuP5ixn8/2uZivep2jgZo4TrB02Fl5r7t:JysGt2oGwuP5iFOZWe2cZo4fB0oP7t

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks