General

  • Target

    1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac

  • Size

    689KB

  • Sample

    241109-d6y53awlbw

  • MD5

    09cf988fe929e0916c6a93e2f819b1cd

  • SHA1

    897cfb01ada92e29cdbc2268cce6fce30d00223e

  • SHA256

    1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac

  • SHA512

    0de621a0b652e05bc21732e3af93adb05865f599040f4ef7c6db51ba19d5362a00bf00ff63084643fbdfe16bb79ac4267e21d00d54bb4ac08806f2a24788581b

  • SSDEEP

    12288:QMr+y90srtlHPuW42rsk63watvnQ1InVmOyEWRsGP43xwYMiKbCxZFlf+Iodc7:+yX5lmlyZEtmumOytRsI4h/Mv2xB4da

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac

    • Size

      689KB

    • MD5

      09cf988fe929e0916c6a93e2f819b1cd

    • SHA1

      897cfb01ada92e29cdbc2268cce6fce30d00223e

    • SHA256

      1b603ebaaedc79717602ce2eb588a599bfd3839652b8791c4740abd291472eac

    • SHA512

      0de621a0b652e05bc21732e3af93adb05865f599040f4ef7c6db51ba19d5362a00bf00ff63084643fbdfe16bb79ac4267e21d00d54bb4ac08806f2a24788581b

    • SSDEEP

      12288:QMr+y90srtlHPuW42rsk63watvnQ1InVmOyEWRsGP43xwYMiKbCxZFlf+Iodc7:+yX5lmlyZEtmumOytRsI4h/Mv2xB4da

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks