General

  • Target

    7aeba85d3d266df616145234bc0e07cfce329266b20a74f0ea0e1f1d597c81cf

  • Size

    683KB

  • Sample

    241109-1tam9stbml

  • MD5

    6b7d76239d7bea733cca265fde33e89e

  • SHA1

    0be586177134f46dd414d2d8609315cdbca83453

  • SHA256

    7aeba85d3d266df616145234bc0e07cfce329266b20a74f0ea0e1f1d597c81cf

  • SHA512

    a7a087800acd8823a1e1ba39b88a89483c7693761eaf26d7377890822d2ba1682c3f75466602311cc482633327289e1540f6066722f95bd7b767adef80f75613

  • SSDEEP

    12288:6Mr7y908eaFT08ribLwDDnQRYKCO21lzk6B5xLW+JVkiCSq1cKbKemw:lyNxnbqCO21lz35x9JFCSq1cKbK4

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
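The three host-side signatures above (Defender real-time protection tampering, Run-key persistence) and the extracted C2 can be turned into a small triage check over endpoint telemetry. The block below is an added example written for this page, not sandbox output or code from the report: it runs the checks over constructed Sysmon-style events (registry value set, network connect). The Defender policy paths it matches and the simplified event field names are assumptions; the report names the behaviours but not the exact registry values the sample wrote.

```python
import re

# IOCs from this report's "Malware Config" section (family redline, botnet "sony").
C2_IP = "193.233.20.33"
C2_PORT = 4125

# Registry values whose modification the listed signatures describe. The exact
# paths are assumptions for this example (Defender policy location); the report
# names the behaviour, not the values written. Compared case-insensitively.
RTP_PREFIX = "hklm\\software\\policies\\microsoft\\windows defender\\real-time protection\\"
RTP_VALUES = {
    RTP_PREFIX + v for v in (
        "disablerealtimemonitoring",
        "disablebehaviormonitoring",
        "disableioavprotection",
        "disableonaccessprotection",
    )
}

# Run / RunOnce autostart values under HKLM or HKCU (32-bit view included).
RUN_KEY_RE = re.compile(
    r"^hk(lm|cu)\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$"
)


def classify(event: dict) -> list[str]:
    """Return the signature names a single event triggers (empty list if none)."""
    hits = []
    if event["type"] == "registry_set":
        target = event["target"].lower()
        # DWORD 1 in any Real-Time Protection "Disable*" policy value turns that protection off.
        if target in RTP_VALUES and event.get("data") == 1:
            hits.append("Modifies Windows Defender Real-time Protection settings")
        if RUN_KEY_RE.match(target):
            hits.append("Adds Run key to start application")
    elif event["type"] == "net_connect":
        if event["dst_ip"] == C2_IP and int(event["dst_port"]) == C2_PORT:
            hits.append("RedLine C2 contact (193.233.20.33:4125)")
    return hits


def scan(events: list[dict]) -> dict[str, list[int]]:
    """Map each triggered signature to the indices of the events that fired it."""
    report: dict[str, list[int]] = {}
    for i, ev in enumerate(events):
        for name in classify(ev):
            report.setdefault(name, []).append(i)
    return report


# Constructed sample events (not taken from the sandbox run), in a reduced
# Sysmon-like shape: registry value set (EventID 13) and network connect (EventID 3).
SAMPLE_EVENTS = [
    {"type": "registry_set", "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "data": 1},
    {"type": "registry_set", "image": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"type": "registry_set", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "data": 1},
    {"type": "net_connect", "image": r"C:\Users\user\AppData\Roaming\updater.exe",
     "dst_ip": "193.233.20.33", "dst_port": 4125},
    {"type": "net_connect", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "13.107.4.50", "dst_port": 443},
]

if __name__ == "__main__":
    for name, idx in scan(SAMPLE_EVENTS).items():
        print(f"{name}: events {idx}")
```

Against real Sysmon data the field names are TargetObject and Details, and HKCU keys appear as HKU\<SID>\..., so the normalisation step has to map those before the matching above applies. Matching the C2 on IP:port alone is brittle once the operator rotates infrastructure; the behavioural signatures are the durable part.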

MITRE ATT&CK Enterprise v15

Tasks