General

  • Target

    3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b

  • Size

    687KB

  • Sample

    241109-1h3jxashkr

  • MD5

    5db6a0e2931f6564ff7f797c60b038fd

  • SHA1

    866b51e995894fe86d2c41f9e961985a437a54eb

  • SHA256

    3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b

  • SHA512

    9561fb22e72ae54fd23e651cdbb5504708354d5eaa473f1e14bf1cb81ea45dcd8ec11c55eecb3ef86df556aafe46fe6556eed43b3ccb21f43b847b7d367fa0cc

  • SSDEEP

    12288:YMrsy905cbq9X5zs6qPOHvqoU5pXTi59FU3rBMoz7kqOG2tGrg7m5:kytgXhsES5pXTC9e3KO8U0S5

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b

    • Size

      687KB

    • MD5

      5db6a0e2931f6564ff7f797c60b038fd

    • SHA1

      866b51e995894fe86d2c41f9e961985a437a54eb

    • SHA256

      3b719daec9681179e8648d09f3c958288a6f368845166179a47d53775b52cd9b

    • SHA512

      9561fb22e72ae54fd23e651cdbb5504708354d5eaa473f1e14bf1cb81ea45dcd8ec11c55eecb3ef86df556aafe46fe6556eed43b3ccb21f43b847b7d367fa0cc

    • SSDEEP

      12288:YMrsy905cbq9X5zs6qPOHvqoU5pXTi59FU3rBMoz7kqOG2tGrg7m5:kytgXhsES5pXTC9e3KO8U0S5

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks