General

  • Target

    effe403966a75c0b0ade7a628d08b6e907c6910fdb5e9f87f5d1cf62ccf0d9db

  • Size

    689KB

  • Sample

    241109-d46gcswhkg

  • MD5

    07e9b624e073cd09f269e0370cdd1a23

  • SHA1

    e96c1cf525b46a494a884d639c5a01a56a7f8d3f

  • SHA256

    effe403966a75c0b0ade7a628d08b6e907c6910fdb5e9f87f5d1cf62ccf0d9db

  • SHA512

    fe8743e623e380b7529bb29b63e0aead2345a0e853f34d755b1d4f74b455034c4b96673f62def5ba5277f50643967aff3f7041255242e8362d442aaa6f453a79

  • SSDEEP

    12288:HMr+y908qwUciEfee808QGtXgAbnDSgXDCPoo81Sr4343x7YMIKb1ttBqfp+p2:NyxyciEfeep8nD25oo81M84hkMRDSpy2

Malware Config

Extracted

  • Family

    redline

  • Botnet

    boris

  • C2

    193.233.20.32:4125

  • Attributes

    auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      effe403966a75c0b0ade7a628d08b6e907c6910fdb5e9f87f5d1cf62ccf0d9db

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks