General

  • Target

    0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb

  • Size

    1.2MB

  • Sample

    241109-edzfssxarh

  • MD5

    7145de3821650c7d61d6213d70d1aa64

  • SHA1

    51d915a6a7d04fd24168dbe92363d8645a674c3d

  • SHA256

    0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb

  • SHA512

    14c2eff5098b0499c22481bc8c37024460bc0e98bc5563955f293d75cc15e9cb47a8a696f19e5a919d502703388c01393e52691049857791d0e62962d421f7e1

  • SSDEEP

    24576:IP68Q0hZGglqBXOSYHjlRNTeM1YCXLlW//bVyFqb:IVQ0hrlqB5YD3+nbgq

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb

    • Size

      1.2MB

    • MD5

      7145de3821650c7d61d6213d70d1aa64

    • SHA1

      51d915a6a7d04fd24168dbe92363d8645a674c3d

    • SHA256

      0dd54f2d7b897be97ad8ba1af5d8038221fea9163dc73a79c30a44a6270657cb

    • SHA512

      14c2eff5098b0499c22481bc8c37024460bc0e98bc5563955f293d75cc15e9cb47a8a696f19e5a919d502703388c01393e52691049857791d0e62962d421f7e1

    • SSDEEP

      24576:IP68Q0hZGglqBXOSYHjlRNTeM1YCXLlW//bVyFqb:IVQ0hrlqB5YD3+nbgq

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks