General

  • Target

    f4735899320a1e610dae34fb0852ce7864e4ed54cb10a7470e0157baa4806e8f

  • Size

    540KB

  • Sample

    241109-eg6z2sxbpb

  • MD5

    fa9d7b67594cac9b7ff12a0aca564370

  • SHA1

    0528a25138e43840f5778af4fed5b25764e72d71

  • SHA256

    f4735899320a1e610dae34fb0852ce7864e4ed54cb10a7470e0157baa4806e8f

  • SHA512

    d40105ef07cd79619efb596f2cd41746c8db963fb4b4f4eb8e918826162ba635e83acb96dca2316615405337d479c3d9f94c58ec811161c50931037f852592d7

  • SSDEEP

    12288:+Mrjy90W/CdacF3x2VzXHqSZDHit4RHSW+w7zW0Umg9hBl:hyApt2vDHdRHt+w7zLUmw

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      f4735899320a1e610dae34fb0852ce7864e4ed54cb10a7470e0157baa4806e8f

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
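
The signatures listed above and the C2 endpoint from the Malware Config section can be turned into host-side checks. The following is an added Python example, not part of the sandbox report and not code from the RedLine or Healer families: it parses the report's C2 string exactly as printed, then evaluates the report's signature names over constructed Sysmon-style events. The file paths, PIDs and events are invented for illustration. The Defender registry subkey and value names are an assumption taken from public Defender documentation; the report states the behaviour but does not say which values this sample writes.

```python
import re
from collections import defaultdict


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string as printed in the report into (host, port)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


# Copied from the report's "Malware Config" section.
REDLINE_C2 = parse_c2("193.233.20.31:4125")

# Assumption (not from the report): the documented Defender real-time protection
# values that "antivirus disabler" droppers set to 1. Matching on the subkey suffix
# covers both the Policies path and the non-policy path.
DEFENDER_RTP_SUBKEY = r"\microsoft\windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
}
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?$")


def _norm(path: str) -> str:
    """Case-fold a registry or file path and drop a trailing backslash."""
    return path.lower().rstrip("\\")


def triage(events: list[dict]) -> dict[str, list[dict]]:
    """Return {signature name: [matching events]} using the report's signature names."""
    hits: dict[str, list[dict]] = defaultdict(list)
    dropped: set[str] = set()  # files written during the run, by normalised path
    for ev in events:
        kind = ev["type"]
        if kind == "file_create":
            dropped.add(_norm(ev["target"]))
        elif kind == "process":
            # A process whose image was written earlier in the run is a dropped EXE.
            if _norm(ev["image"]) in dropped:
                hits["Executes dropped EXE"].append(ev)
        elif kind == "network":
            if (ev["dst_ip"], ev["dst_port"]) == REDLINE_C2:
                hits["RedLine C2 connection"].append(ev)
        elif kind == "registry":
            key = _norm(ev["key"])
            if (key.endswith(DEFENDER_RTP_SUBKEY)
                    and ev["value"].lower() in DEFENDER_RTP_VALUES
                    and ev["data"] == 1):
                hits["Modifies Windows Defender Real-time Protection settings"].append(ev)
            if RUN_KEY_RE.search(key):
                hits["Adds Run key to start application"].append(ev)
    return dict(hits)


# Constructed Sysmon-style telemetry (invented, not from the report). Registry
# 'data' is already decoded to a Python int or string.
DROPPER = r"C:\Users\victim\Downloads\setup.exe"
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
EVENTS = [
    {"type": "process", "pid": 4120, "image": DROPPER, "parent_pid": 1000},
    {"type": "file_create", "pid": 4120, "target": PAYLOAD},
    {"type": "process", "pid": 4388, "image": PAYLOAD, "parent_pid": 4120},
    {"type": "registry", "pid": 4388,
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": 1},
    {"type": "registry", "pid": 4388,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableBehaviorMonitoring", "data": 1},
    {"type": "registry", "pid": 4120,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": PAYLOAD},
    {"type": "network", "pid": 4120, "dst_ip": "193.233.20.31", "dst_port": 4125},
    # Noise: the same host on a port the config does not name, and an Explorer
    # settings write that is not a Run key. Neither should fire.
    {"type": "network", "pid": 812, "dst_ip": "193.233.20.31", "dst_port": 443},
    {"type": "registry", "pid": 812,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer",
     "value": "ShellState", "data": 0},
]

if __name__ == "__main__":
    for sig, evs in triage(EVENTS).items():
        print(f"{sig}: {len(evs)} event(s), pids {[e['pid'] for e in evs]}")
```

The network match is deliberately exact on host and port because that is what the config extractor reported; when hunting in proxy or flow logs it is common to widen it to the IP alone, at the cost of more review work. The Run key check fires on any write under Run or RunOnce, so in production it should be joined with the dropped-file set (as "Executes dropped EXE" already is) or an allowlist to cut installer noise.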

MITRE ATT&CK Enterprise v15
