General

  • Target

    a525b092c58b59ceff845ca8f0b8213cd864a1fd9f4d7ac2c3f0d9b6643047ab

  • Size

    540KB

  • Sample

    241104-rnmwza1fqj

  • MD5

    3670c12a2ab734444c5d4120216683a5

  • SHA1

    2b28725f25048e10ce2b7d12f3b1d4bf9ac7a342

  • SHA256

    a525b092c58b59ceff845ca8f0b8213cd864a1fd9f4d7ac2c3f0d9b6643047ab

  • SHA512

    286c8f98746d3e8d36f6c03392556681f19416fd16cc9ee86cff490e80dd87c063790c929d38b338c73746132d64b862be843e627201c7e04e5e229be6f4ad24

  • SSDEEP

    12288:IMrOy90mrqJp7Sgj05d4fRO7xl8WQ02eAIN:WyFrm75i4fA7xl8IAe

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      a525b092c58b59ceff845ca8f0b8213cd864a1fd9f4d7ac2c3f0d9b6643047ab

    • Size

      540KB

    • MD5

      3670c12a2ab734444c5d4120216683a5

    • SHA1

      2b28725f25048e10ce2b7d12f3b1d4bf9ac7a342

    • SHA256

      a525b092c58b59ceff845ca8f0b8213cd864a1fd9f4d7ac2c3f0d9b6643047ab

    • SHA512

      286c8f98746d3e8d36f6c03392556681f19416fd16cc9ee86cff490e80dd87c063790c929d38b338c73746132d64b862be843e627201c7e04e5e229be6f4ad24

    • SSDEEP

      12288:IMrOy90mrqJp7Sgj05d4fRO7xl8WQ02eAIN:WyFrm75i4fA7xl8IAe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks