General

  • Target

    a215c16b4ffeac993d8496847ef18ef2c11232061cb1bcddd86e6c54d7b49b07

  • Size

    1.1MB

  • Sample

    241107-qrk14sslgs

  • MD5

    76b0f4608333115ee91dcaed3151af7c

  • SHA1

    171ef913ae02ac9549e224973e2121675fcb84dc

  • SHA256

    a215c16b4ffeac993d8496847ef18ef2c11232061cb1bcddd86e6c54d7b49b07

  • SHA512

    b48b47f7b769d545bd3ebe8e16d0742e1a42876a8f897a4c77bf6d754bd735eb9a721b7bca59baa787a3a90019fb68d2cf488d15a434480e4e7cad88d64aeebb

  • SSDEEP

    24576:/yygD4AN5SqPnN+JQbt5HMI8xEaUtRDdqdhHoPb38Vsn:KBj9fNpvHM1JA5jT38+

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      a215c16b4ffeac993d8496847ef18ef2c11232061cb1bcddd86e6c54d7b49b07

    • Size

      1.1MB

    • MD5

      76b0f4608333115ee91dcaed3151af7c

    • SHA1

      171ef913ae02ac9549e224973e2121675fcb84dc

    • SHA256

      a215c16b4ffeac993d8496847ef18ef2c11232061cb1bcddd86e6c54d7b49b07

    • SHA512

      b48b47f7b769d545bd3ebe8e16d0742e1a42876a8f897a4c77bf6d754bd735eb9a721b7bca59baa787a3a90019fb68d2cf488d15a434480e4e7cad88d64aeebb

    • SSDEEP

      24576:/yygD4AN5SqPnN+JQbt5HMI8xEaUtRDdqdhHoPb38Vsn:KBj9fNpvHM1JA5jT38+

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
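The extracted config (C2 193.233.20.23:4124) and the behavioural signatures above (Run key persistence, Windows Defender real-time protection tampering) are what an analyst would turn into detections. The following is an added example, not part of the sandbox report: it copies the hash and C2 indicators from this page, matches them against constructed Zeek-style conn.log rows and constructed Sysmon registry events (Event ID 13, value set), and also hashes arbitrary bytes for comparison. The registry paths are an assumption drawn from the signature descriptions; the report does not state which Defender value the sample changed, so the Defender rule matches any `Disable*` value under the Real-Time Protection key being set to 1. The SSDEEP hash is not handled here, since that needs the ssdeep library.

```python
# Added example: turning this report's indicators into simple checks.
# IOC values are copied from the report; all log lines and registry events
# below are constructed for illustration, not taken from the sandbox run.
import hashlib
import re
from typing import Optional

# --- indicators from the report ------------------------------------------
SAMPLE_HASHES = {
    "md5": "76b0f4608333115ee91dcaed3151af7c",
    "sha1": "171ef913ae02ac9549e224973e2121675fcb84dc",
    "sha256": "a215c16b4ffeac993d8496847ef18ef2c11232061cb1bcddd86e6c54d7b49b07",
    "sha512": "b48b47f7b769d545bd3ebe8e16d0742e1a42876a8f897a4c77bf6d754bd735eb"
              "9a721b7bca59baa787a3a90019fb68d2cf488d15a434480e4e7cad88d64aeebb",
}
C2_HOST, C2_PORT = "193.233.20.23", 4124

# Registry locations behind the "Adds Run key" and "Modifies Windows Defender
# Real-time Protection settings" signatures (assumption: the report does not
# name the exact value, so any Disable* switch under that key counts).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.IGNORECASE)
_DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")  # Sysmon "Details" format


def hash_blob(data: bytes) -> dict:
    """Compute the same digests the report lists, for comparison with SAMPLE_HASHES."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the report's value (all four agree for the real file)."""
    h = hash_blob(data)
    return any(h[k] == v for k, v in SAMPLE_HASHES.items())


def find_c2_connections(conn_log: str) -> list:
    """Scan Zeek-style conn.log rows for the C2 host; flag whether the port also matches.

    Expected tab-separated columns: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto.
    A host-only hit is still worth alerting on, since the port can change between builds.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("\t")
        if len(f) < 7 or f[4] != C2_HOST:
            continue
        hits.append({"ts": f[0], "src": f[2], "dst": f"{f[4]}:{f[5]}",
                     "proto": f[6], "port_match": int(f[5]) == C2_PORT})
    return hits


def _dword_value(details: str) -> Optional[int]:
    m = _DWORD_RE.search(details)
    if m:
        return int(m.group(1), 16)
    return int(details) if details.strip().isdigit() else None


def classify_registry_event(target_object: str, details: str = "") -> Optional[str]:
    """Map one Sysmon Event ID 13 record to a behaviour from the report, or None."""
    if RUN_KEY_RE.search(target_object):
        return "persistence:run_key"
    m = DEFENDER_RTP_RE.search(target_object)
    if m and _dword_value(details) == 1:          # 1 = protection switched off
        return f"defense_evasion:{m.group(1)}"
    return None


def classify_registry_events(events: list) -> list:
    """Labels, in order, for every event that matches a report behaviour."""
    labels = [classify_registry_event(e["TargetObject"], e.get("Details", "")) for e in events]
    return [lbl for lbl in labels if lbl]


# --- constructed telemetry -------------------------------------------------
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1730970000.1\tCa1\t10.0.0.5\t49812\t193.233.20.23\t4124\ttcp\n"
    "1730970001.2\tCa2\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp\n"
    "1730970002.3\tCa3\t10.0.0.7\t49814\t193.233.20.23\t443\ttcp\n"
)
REGISTRY_EVENTS = [
    {"TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection"
                     r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection"
                     r"\DisableRealtimeMonitoring", "Details": "DWORD (0x00000000)"},
    {"TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000002)"},
]

if __name__ == "__main__":
    print("C2 hits:", find_c2_connections(CONN_LOG))
    print("Registry behaviours:", classify_registry_events(REGISTRY_EVENTS))
    print("Is sample:", matches_sample(b"not the sample"))
```

The Defender check deliberately ignores a value being set back to 0 and any value outside the Real-Time Protection key, so the sample's own tampering is flagged while ordinary configuration noise is not. Treat the IP:port pair as a short-lived indicator: RedLine panels rotate frequently, so the host-only match and the registry behaviours are the longer-lived detections.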

MITRE ATT&CK Enterprise v15

Tasks