General

  • Target

    1d6b933a29fe2575849c29b14c2bb54abb487fb618576732361bd201883736e9

  • Size

    687KB

  • Sample

    241109-d6pavswhqq

  • MD5

    ff61e4a2e873f5adeee556c721734cbb

  • SHA1

    8d99e1c54a294cbf8259117bab53f5eeef4cd646

  • SHA256

    1d6b933a29fe2575849c29b14c2bb54abb487fb618576732361bd201883736e9

  • SHA512

    e49fdc4280a806e9dac56053ae423dc05b103f46c0e934e893e2a3f6575e29721b0b97c2135dfa0aafa5ede6eafea69c938ca75fae5096675c7c933dabc190d6

  • SSDEEP

    12288:9MrEy90TNtO9fO/5oMhFUwG+pS8qb88EOTRzIKlZ0uZAoTJLMaTGe:Fymt+f05oM7nRkt5hz+uyu1
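The hash set above is what lets a responder confirm that a file found on a host is the same binary this report describes. The following Python, added here as a worked example (not code from the sandbox or the report), recomputes every digest the report lists and compares them against the report's values; the report's SHA256 is the same string as the Target field. SSDEEP is left out because the standard library cannot compute it. The only inputs are the hash values copied from the General section; the `b"abc"` input used to exercise the helpers is a constructed stand-in, since the sample itself is not on this page.

```python
import hashlib
import io

# Digests copied from the report's General section. Any file whose digests
# match all of these is the sample the report describes.
REPORT_HASHES = {
    "md5": "ff61e4a2e873f5adeee556c721734cbb",
    "sha1": "8d99e1c54a294cbf8259117bab53f5eeef4cd646",
    "sha256": "1d6b933a29fe2575849c29b14c2bb54abb487fb618576732361bd201883736e9",
    "sha512": (
        "e49fdc4280a806e9dac56053ae423dc05b103f46c0e934e893e2a3f6575e2972"
        "1b0b97c2135dfa0aafa5ede6eafea69c938ca75fae5096675c7c933dabc190d6"
    ),
}


def digests_of_stream(fp, chunk=1 << 20):
    """Hash a binary stream once, feeding every algorithm from the same read.

    Reading in chunks keeps memory flat for large samples; one pass over the
    data updates all four hashers instead of re-reading the file per algorithm.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for block in iter(lambda: fp.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests(data: bytes, chunk=1 << 20):
    """Digests of an in-memory blob (routes through the chunked reader)."""
    return digests_of_stream(io.BytesIO(data), chunk)


def digests_of_file(path, chunk=1 << 20):
    """Digests of a file on disk; use this on the suspect binary."""
    with open(path, "rb") as fp:
        return digests_of_stream(fp, chunk)


def compare(actual, expected=REPORT_HASHES):
    """Per-algorithm verdict for the algorithms present in both dicts.

    A partial set (say only an MD5 from a ticket) still gets a verdict for
    what is available; algorithms missing on either side are not reported.
    """
    return {
        name: actual[name].lower() == expected[name].lower()
        for name in expected
        if name in actual
    }

def matches_report(actual, expected=REPORT_HASHES) -> bool:
    """True only if at least one algorithm was compared and none disagreed."""
    verdicts = compare(actual, expected)
    return bool(verdicts) and all(verdicts.values())


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digests_of_file(path)
        print(path, "MATCHES REPORT" if matches_report(d) else "differs", compare(d))
```

Run it as `python verify.py suspect.exe`; a single disagreeing algorithm is enough to say it is not this file, while a match on every listed digest ties the file to this report.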

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      1d6b933a29fe2575849c29b14c2bb54abb487fb618576732361bd201883736e9

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
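The extracted C2 endpoint in the Malware Config section and the behavioural signatures listed above are the two things a detection engineer would turn into rules. The Python below is an added example (not the sandbox's signature logic) that runs those rules over a handful of constructed Sysmon-style events: a dropped file being executed (FileCreate followed by ProcessCreate of the same path), a write under the Defender Real-Time Protection policy key, a Run key value, and a connection to the report's C2 socket. The event dicts, file paths, SID and the `DisableRealtimeMonitoring` value name are all constructed for the example; the report only states that Real-time Protection settings are modified, not which value the sample writes.

```python
from typing import Dict, List, Tuple

# C2 socket taken from the report's Malware Config section.
C2_ENDPOINTS = {("193.233.20.33", 4125)}

# Constructed Sysmon-style events, not real telemetry. Event IDs follow
# Sysmon: 11 = FileCreate, 1 = ProcessCreate, 13 = RegistryValueSet,
# 3 = NetworkConnect. Paths, SID and value names are made up for the demo.
DROPPER = r"C:\Users\admin\Desktop\sample.exe"
DROPPED = r"C:\Users\admin\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 11, "Image": DROPPER, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": DROPPER},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": DROPPED},
    {"EventID": 3, "Image": DROPPED,
     "DestinationIp": "193.233.20.33", "DestinationPort": 4125},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]

# Registry key fragments matched case-insensitively against TargetObject.
DEFENDER_RTP_KEY = "\\windows defender\\real-time protection\\"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


def scan(events: List[Dict], c2=C2_ENDPOINTS) -> List[Tuple[str, int]]:
    """Return (signature name, event index) for every event that fires a rule.

    The 'Executes dropped EXE' rule is stateful: it only fires for a process
    whose image path was seen in an earlier FileCreate event in this stream,
    which is what distinguishes a dropped payload from any other process start.
    """
    hits: List[Tuple[str, int]] = []
    dropped_files = set()  # lower-cased paths written so far
    for i, ev in enumerate(events):
        eid = ev.get("EventID")
        if eid == 11:
            dropped_files.add(ev.get("TargetFilename", "").lower())
        elif eid == 1:
            if ev.get("Image", "").lower() in dropped_files:
                hits.append(("Executes dropped EXE", i))
        elif eid == 13:
            key = ev.get("TargetObject", "").lower()
            if DEFENDER_RTP_KEY in key:
                hits.append(("Modifies Windows Defender Real-time Protection settings", i))
            if any(run in key for run in RUN_KEYS):
                hits.append(("Adds Run key to start application", i))
        elif eid == 3:
            if (ev.get("DestinationIp"), ev.get("DestinationPort")) in c2:
                hits.append(("RedLine C2 connection", i))
    return hits


if __name__ == "__main__":
    for name, idx in scan(SAMPLE_EVENTS):
        print(f"{name}: event {idx} -> {SAMPLE_EVENTS[idx]}")
```

On the constructed stream the benign Firefox connection produces no hit, and a ProcessCreate for the dropped path only fires when the FileCreate that wrote it was seen first, so replaying the events out of order or starting mid-stream changes the verdict, which is the usual caveat with stateful host rules.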

MITRE ATT&CK Enterprise v15

Tasks