General

  • Target

    42378106d8898c174587e89fb5b639b671187b7f30068e7fafe84533d58281dd

  • Size

    1.0MB

  • Sample

    241104-qv7dhszlaz

  • MD5

    e655f4cc352a6dbd3523496f7572f46a

  • SHA1

    40d5508b323117cebc0754330e7014c77cf27e76

  • SHA256

    42378106d8898c174587e89fb5b639b671187b7f30068e7fafe84533d58281dd

  • SHA512

    f41be238aedfd58d0671c6c1f34cca03111abe052439521707d3a7ea92efa2e0cca84a8f9ce5ad43ff72d91092e4edf3c5a90a7b54a64400a1427ba78cff2380

  • SSDEEP

    24576:sy2AVQfRKDWTheB9VMWaZAFCR1wOhg7B+:b2AqfRKDSho9avPo

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks