General

  • Target: 207954b014ee1c9e366bbf937636294eeb6e440bc61df0144792f012ade73f2e
  • Size: 1.1MB
  • Sample: 241106-yccp7aynbl
  • MD5: b5ffbef41f720cf9bcf241fe35a23e45
  • SHA1: 4c27b62b7d7fd3e64e488104204c9d6b23c382e3
  • SHA256: 207954b014ee1c9e366bbf937636294eeb6e440bc61df0144792f012ade73f2e
  • SHA512: da4ad2f6707746855e7a47d4dce138dde9bfb02a06ff6127a294f373e68791ab48e74b5591b2f60531a6cb03fa230f0a8de909ded5942ea66481bb3ac5599150
  • SSDEEP: 24576:3QfWlOHWRu2ECS3bbAwTOv1NBbqHcjzurqad5KjSxk8bUlaPzl:BO2QRrbWfqHcuf5Z/Usp

Malware Config

Extracted

  • Family: redline
  • Botnet: rodik
  • C2: 193.233.20.23:4124
  • Attributes
    • auth_value: 59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target: fc199ff73ba6fe6e48e73c7e14d581104d5bac10e72bc6afe139ae69dd28ba07.exe
    • Size: 1.1MB
    • MD5: 484752c3705e0a2f3d64658da43478d9
    • SHA1: f4ada7142bc6e6bec696c26e150a53d3ae9c3ca7
    • SHA256: fc199ff73ba6fe6e48e73c7e14d581104d5bac10e72bc6afe139ae69dd28ba07
    • SHA512: 5f5800424bdc017c38fc7680f5dfdbdd7f58997771bab5ad768b66e79851d1dc2d96374d684be066d7921dcf5cf0fd528e062aac297b9bee02e127728ff48f49
    • SSDEEP: 24576:VypCmFylJZzgguq3cijm1IZykLOzcRDOYbtkcTUk3/V9zyW:wpC+ylJzcf1IjL/DPBT3Ty

    • Detects Healer, an antivirus disabler dropper
    • Healer: Healer is an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application
