General

  • Target

    2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750

  • Size

    1.1MB

  • Sample

    241107-r3wsestlbx

  • MD5

    db82ea2db4ced053fa12faaf39b4263f

  • SHA1

    446fc2c2895974e0c8cab537f7cabe30907fb3a7

  • SHA256

    2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750

  • SHA512

    87e1180ba64e1f9e639faf861776effb8e402f7ef994320db330b98ce6c63ebf4bafd7738a106ebaa7fd3d5b21ec75f603f45f5b3575117619ddb9597d8f7c5a

  • SSDEEP

    24576:5y3JVBCXlTNI8NbWJDL/6YMaTUy4RHoKucYCqAG928r:s3JbCXpNI8NSx/6YMaTERI0GAGR

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750

    • Size

      1.1MB

    • MD5

      db82ea2db4ced053fa12faaf39b4263f

    • SHA1

      446fc2c2895974e0c8cab537f7cabe30907fb3a7

    • SHA256

      2bfc8d63ea3f05aacff15ce95891a9de4dc576625cae95ca0a33cc411c0d5750

    • SHA512

      87e1180ba64e1f9e639faf861776effb8e402f7ef994320db330b98ce6c63ebf4bafd7738a106ebaa7fd3d5b21ec75f603f45f5b3575117619ddb9597d8f7c5a

    • SSDEEP

      24576:5y3JVBCXlTNI8NbWJDL/6YMaTUy4RHoKucYCqAG928r:s3JbCXpNI8NSx/6YMaTERI0GAGR

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks