General

  • Target

    225d7009e8d9f77e6151efaa8028a886b1cd5dbafbfa30f021dc21e9827a1430

  • Size

    731KB

  • Sample

    241104-zqhc9sxbqa

  • MD5

    17c75a4989f1ae0469a58e604db806cd

  • SHA1

    af8b8e779f91718e8f864a2a4fba4f60df7cf568

  • SHA256

    225d7009e8d9f77e6151efaa8028a886b1cd5dbafbfa30f021dc21e9827a1430

  • SHA512

    ba6b593172ed4045836ccfc579c05364bc88557781799ca701cf633ae9e56904724178f88fc78abda8d9a06ef1603635c9ff8fd5c47cca0a949e2f8cbea7c301

  • SSDEEP

    12288:Sf0zMO4wfj7fKqyQyHLkp0RcP6hETH+Ibj++aHKqwldxV3cakwlJ83PnZ:/M3wnfLyQ9nSmbSVwDN43vZ

Malware Config

Extracted

Family

redline

Botnet

dezik

C2

193.56.146.220:4174

Attributes
  • auth_value

    d39f21dca8edc10800b036ab83f4d75e
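The extracted configuration and file hashes above are the report's actionable output. The following Python is an added example, not part of the sandbox report and not RedLine's own code: it turns the C2 endpoint and hashes listed on this page into indicators and hunts for them in a few constructed Zeek-style conn.log lines. Only the config values and hashes are taken from the report; the log lines, the connection UIDs and the internal hosts are invented for the demonstration. A bare IP match on a different port is reported at lower confidence rather than dropped, since RedLine operators rotate ports on the same host.

```python
"""
Added example: hunt for the RedLine indicators extracted in the report
(C2 193.56.146.220:4174 and the sample hashes) in network and file data.
The CONFIG and KNOWN_HASHES values are copied from the report above;
everything else in this file is constructed sample data.
"""
import hashlib
import ipaddress

# Values copied from the report's "Malware Config" and "General" sections.
CONFIG = {
    "family": "redline",
    "botnet": "dezik",
    "c2": "193.56.146.220:4174",
    "auth_value": "d39f21dca8edc10800b036ab83f4d75e",
}
KNOWN_HASHES = {
    "md5": "17c75a4989f1ae0469a58e604db806cd",
    "sha1": "af8b8e779f91718e8f864a2a4fba4f60df7cf568",
    "sha256": "225d7009e8d9f77e6151efaa8028a886b1cd5dbafbfa30f021dc21e9827a1430",
    "sha512": "ba6b593172ed4045836ccfc579c05364bc88557781799ca701cf633ae9e56904"
              "724178f88fc78abda8d9a06ef1603635c9ff8fd5c47cca0a949e2f8cbea7c301",
}

# Constructed sample: tab-separated conn.log records
# (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
# Hosts, UIDs and the unrelated 142.250.74.46 connection are made up.
SAMPLE_CONN_LOG = (
    "1730700000.1\tCAbc1\t10.0.0.5\t51234\t142.250.74.46\t443\ttcp\n"
    "1730700001.3\tCAbc2\t10.0.0.5\t51235\t193.56.146.220\t4174\ttcp\n"
    "1730700002.7\tCAbc3\t10.0.0.7\t51236\t193.56.146.220\t80\ttcp\n"
)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string and validate both halves."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)          # raises ValueError if not an IP literal
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port_n


def hunt_c2(conn_log: str, c2: str) -> list[dict]:
    """Return connections to the C2 host.

    An exact host:port match is high confidence; the same host on another
    port is still reported, at medium confidence.
    """
    host, port = parse_c2(c2)
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 7:
            continue                    # malformed or truncated record
        ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        if dst != host:
            continue
        hits.append({
            "ts": ts, "uid": uid, "src": src, "dst": dst, "dport": int(dport),
            "confidence": "high" if int(dport) == port else "medium",
        })
    return hits


def match_hashes(data: bytes) -> set[str]:
    """Return the names of the report hashes that `data` matches."""
    computed = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }
    return {name for name, digest in computed.items()
            if KNOWN_HASHES.get(name) == digest}


if __name__ == "__main__":
    for hit in hunt_c2(SAMPLE_CONN_LOG, CONFIG["c2"]):
        print(f"[{hit['confidence']}] {hit['src']} -> {hit['dst']}:{hit['dport']} ({hit['uid']})")
    # Constructed placeholder bytes; the real sample is not embedded here.
    print("hash matches:", match_hashes(b"placeholder, not the sample") or "none")
```

On real data, feed `hunt_c2` the conn.log body (Zeek's `#`-prefixed header lines are skipped because they split into fewer than seven fields) and run `match_hashes` over the bytes of any file recovered from the host; only the SHA-256 should be treated as a strong identity check, the MD5 and SHA-1 are listed for correlation with older feeds.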

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
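Two of the signatures above, "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application", are registry writes and can be caught from endpoint telemetry. The following Python is an added example, not part of the sandbox report: detection logic run over constructed Sysmon Event ID 13 (RegistryEvent: Value Set) records. The registry paths are the standard Defender real-time protection locations and the user/machine Run keys; the process images, the SID and the value names written by the dropper are invented, since the report does not list them.

```python
"""
Added example: flag Defender real-time protection tampering and Run-key
persistence in Sysmon Event ID 13 records. The registry paths are the
standard Windows locations; the events below are constructed sample data.
"""
import re

# Defender keeps its real-time protection switches under both the product
# key and the Group Policy key; a non-zero Disable* DWORD turns a feature off.
DEFENDER_RTP = re.compile(
    r"\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(?P<value>Disable\w+)$", re.IGNORECASE)
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
DWORD = re.compile(r"DWORD \(0x(?P<hex>[0-9a-fA-F]{8})\)")

# Constructed Sysmon records (EventID, Image, TargetObject, Details).
# The Temp-path dropper, the SID and "Updater" are made up for the example.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},                       # benign: value 0 re-enables RTP
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 12, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "Details": ""},                                         # key create, not a value set
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropper.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},  # Run key, system path
]


def dword_value(details: str):
    """Parse Sysmon's 'DWORD (0x........)' rendering; None if not a DWORD."""
    m = DWORD.match(details)
    return int(m.group("hex"), 16) if m else None


def detect(events: list[dict]) -> list[dict]:
    """Return one finding per suspicious value-set event."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target, details, image = ev["TargetObject"], ev.get("Details", ""), ev.get("Image", "")
        m = DEFENDER_RTP.search(target)
        if m and (dword_value(details) or 0) != 0:
            findings.append({"rule": "defender_rtp_disabled", "technique": "T1562.001",
                             "value": m.group("value"), "image": image, "severity": "high"})
            continue
        m = RUN_KEY.search(target)
        if m:
            # A Run entry pointing into a user-writable directory is the
            # dropper's pattern; installers writing system paths are noisier.
            severity = "high" if USER_WRITABLE.search(details) else "medium"
            findings.append({"rule": "run_key_persistence", "technique": "T1547.001",
                             "name": m.group("name"), "command": details,
                             "image": image, "severity": severity})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['rule']} ({f['technique']}): {f['image']}")
```

The image path is carried into each finding so an analyst can pivot to the dropped executable and its "Executes dropped EXE" / "Loads dropped DLL" events; correlating the Defender write and the Run-key write to the same image within a short window is what separates this dropper from an administrator changing Defender policy.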

MITRE ATT&CK Enterprise v15
