General

  • Target

    e7566432abd920c36fc36ebc4439fe4242a4e03233e9d783f0f2dbf018be9753

  • Size

    541KB

  • Sample

    241109-ebskgawmb1

  • MD5

    e74383c1a727ae34cfdad5d248daae95

  • SHA1

    77991a82576b63698005a0963d6bb8793843c143

  • SHA256

    e7566432abd920c36fc36ebc4439fe4242a4e03233e9d783f0f2dbf018be9753

  • SHA512

    8dd681606fc162a75d2284171879712d4d11f3217c005a95790390d0b3afc1ee10a2b0722d27401c3594f0c507afccd754b30cde9247992051748690431ebec2

  • SSDEEP

    12288:DMrYy905rWGf6P63q8HtJ3fCt2jVqcCwATHjl4a:ry4Lf6PMNJPCtqIcCwATHL

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks