General

  • Target

    8004e42c03e7e2e93c2b7fd72303c809c184f651c3bd12f3d6162d232d9f0cf9

  • Size

    1.3MB

  • Sample

    241106-sd7dasvkgl

  • MD5

    677219601ddb765d759486dc5929ce32

  • SHA1

    b9aee99ca50f2206dd768236a82d3561fe40213d

  • SHA256

    8004e42c03e7e2e93c2b7fd72303c809c184f651c3bd12f3d6162d232d9f0cf9

  • SHA512

    efd4d7ba0eba1ab5be79ead8147ab8a54e280fd76cefacbac89460d4279b0da58ed2423eafdf0f2a84c212f22bc6d9ac1a26b4f3cdf7381a37eec822bd63c33d

  • SSDEEP

    24576:Ey7aiAclVkw97VvXQAhaFWH0VwFvffsajOVKFVQHw/BFhseUY+F:T+alPfXvMFi08PJ4KrKw/Js7

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rodik

  • C2

    193.233.20.23:4124

  • Attributes

    auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks