General

  • Target

    1a013bf9c17bcb1d2566d84b252f410e6f14f32ae8569776138c6ea41a21ee6a

  • Size

    1.1MB

  • Sample

    241105-daplrasley

  • MD5

    8118458ee4e446933c68af64b8929c1a

  • SHA1

    d3ba55faa504b04cee01b714f0276e14e0621310

  • SHA256

    1a013bf9c17bcb1d2566d84b252f410e6f14f32ae8569776138c6ea41a21ee6a

  • SHA512

    520b31741b4e15e63e4b0d60e4d4bba3542f8e347153c24a6e2432da7603edada4abda6a55e4b4d693876cf5b03e8d421b329ba7285af50a38d685610393070a

  • SSDEEP

    24576:LyiioO23dV6P4NGrWjqrPRvps6MRrZVeDkap0ezYHCULHI0:+Lc2WjuPRBvWVhdCUL

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks