General

  • Target

    b8a48556b02335ad49007138f05674ab89093d9f33131e3067a4ef4ba68c7f37

  • Size

    1.1MB

  • Sample

    241107-p28pgsvnap

  • MD5

    d615f51d7371e129fa38bfaa29c02ea2

  • SHA1

    88827b6ce76609a0e5d44fc993914da66579c549

  • SHA256

    b8a48556b02335ad49007138f05674ab89093d9f33131e3067a4ef4ba68c7f37

  • SHA512

    19e63717e232b69c1bdd55c126ba504c0ce9235c75bc53c9ccc2ec07ce575cb9b4513db70d95fa8e0ddfe3f77c94488531bc4d58fc90081961643aaf667becdf

  • SSDEEP

    24576:6ymXxKyoW377nHk1d3QvNgv18C3gfuzmUU7ulL3Y9A2K2tK:BmXxvnLzGMivwO3U+09zR

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes

  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      b8a48556b02335ad49007138f05674ab89093d9f33131e3067a4ef4ba68c7f37

    • Size

      1.1MB

    • MD5

      d615f51d7371e129fa38bfaa29c02ea2

    • SHA1

      88827b6ce76609a0e5d44fc993914da66579c549

    • SHA256

      b8a48556b02335ad49007138f05674ab89093d9f33131e3067a4ef4ba68c7f37

    • SHA512

      19e63717e232b69c1bdd55c126ba504c0ce9235c75bc53c9ccc2ec07ce575cb9b4513db70d95fa8e0ddfe3f77c94488531bc4d58fc90081961643aaf667becdf

    • SSDEEP

      24576:6ymXxKyoW377nHk1d3QvNgv18C3gfuzmUU7ulL3Y9A2K2tK:BmXxvnLzGMivwO3U+09zR

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15