General

  • Target

    8083a15c972bda5bcbba44e9db10abc8b38528948166828bc6567845e4835231

  • Size

    682KB

  • Sample

    241109-ehpgdswndy

  • MD5

    ccb03bf02f686ffb7e2c18d744ffa957

  • SHA1

    b6e431156cd186046c37321cf8aa004e8c697293

  • SHA256

    8083a15c972bda5bcbba44e9db10abc8b38528948166828bc6567845e4835231

  • SHA512

    29f40001ec5a58e13b2f87df652324ed2354d38dc9d7e91606b84d0df8a63e1e2495d3ebf07dc4d0123ed198a83e652458094eb52dde9b8f806352f0958c4df4

  • SSDEEP

    12288:0MrCy90RJPQxFfs1kGxNCH+RDQbkiBWZPuk/CO4PqNeSxX:my04KxLpQb3WLCO4PqNeSxX

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      8083a15c972bda5bcbba44e9db10abc8b38528948166828bc6567845e4835231

    • Size

      682KB

    • MD5

      ccb03bf02f686ffb7e2c18d744ffa957

    • SHA1

      b6e431156cd186046c37321cf8aa004e8c697293

    • SHA256

      8083a15c972bda5bcbba44e9db10abc8b38528948166828bc6567845e4835231

    • SHA512

      29f40001ec5a58e13b2f87df652324ed2354d38dc9d7e91606b84d0df8a63e1e2495d3ebf07dc4d0123ed198a83e652458094eb52dde9b8f806352f0958c4df4

    • SSDEEP

      12288:0MrCy90RJPQxFfs1kGxNCH+RDQbkiBWZPuk/CO4PqNeSxX:my04KxLpQb3WLCO4PqNeSxX

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks