General

  • Target

    9af9cf1e22e4b9c3cef71e839962451fc1f09f90f46c4dd36706970d94145893

  • Size

    1.1MB

  • Sample

    241106-ygdhaawjfs

  • MD5

    70bc563ce887a116c08b548e7b4623d7

  • SHA1

    6decdb01fbee7c02fbc66ae2edf6f0366c7d6631

  • SHA256

    9af9cf1e22e4b9c3cef71e839962451fc1f09f90f46c4dd36706970d94145893

  • SHA512

    5fa47cf9f1eeb7716623445c83d354a79e03fa79646d7c12678e7c1c815a5f5066369fd2b30dd311855a972bf9260b2cf9fc3f502e65923895e9a13cffcd8369

  • SSDEEP

    24576:YV8GfFeO7DtWN4hDXBgCViq2Xx9Yv3aUhpYqVOaePB8XZkI9YdE:YvfQwDtI4xXBgCVeXxOC+CqVOaMG+dE

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      9d1f7e4c39ca9c1c135aa434d21696e01907a80f97e5d3efacef9bb0461e8984.exe

    • Size

      1.1MB

    • MD5

      da55d8e5ca17d483a9f9c883344ee590

    • SHA1

      340b2cd64d7dfeb70d2dfcd5fb09636530b0a49e

    • SHA256

      9d1f7e4c39ca9c1c135aa434d21696e01907a80f97e5d3efacef9bb0461e8984

    • SHA512

      311d5784a45bea55c62d0457599e8758ab25fa5b94248bcb54cea2ac9973ebab3ca39c5383fb54e2f87cdd28a677e2071f90b563430e5ce5a22b0745be05aad7

    • SSDEEP

      24576:Xyf15UnOgBvxgwObnr66C7eoNKgiEY6EyiNhtTYy5iuwYUVoM:ifsnrvGZrDqQLy+zYy5/UV

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks