General

  • Target

    a4edb379f455d878bb59a3b50c56ccd3d145e6c9206a70433934cc5cf2fea6d3

  • Size

    1.1MB

  • Sample

    241106-tnmbjsterp

  • MD5

    d276b6a92ab69f2cd5c20bea6d3ed438

  • SHA1

    04d2e3ad1799702a227c49e07bbc90321af07441

  • SHA256

    a4edb379f455d878bb59a3b50c56ccd3d145e6c9206a70433934cc5cf2fea6d3

  • SHA512

    ade4305a72cffce19ce9dbd06f054b93e6b1ae5be5ecd665e7885ee13bb45465f30989c2a457d08d1e57f2899ce016878ef26414e65e7c201627a7cc000d5a74

  • SSDEEP

    24576:my0kVAX6UOdc3jYtNFR7a+4INl654btVGX3rUh10MmGurmH:10kuX65cSnR7a+5NlG4btVGX3+2Gu

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks