General

  • Target

    2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4

  • Size

    777KB

  • Sample

    241109-ejy28axcjb

  • MD5

    4b648b68b83a424df9a2c5e5a73d95ae

  • SHA1

    5a2f35120b807f72c890e71f771d11a5eea92b4d

  • SHA256

    2322597b0e7c1ecfe76aec241bfce33b11b123bb3d4cdde5d465fe87ed317ff4

  • SHA512

    deaa8b72e23d5f0da07fb834c1479ea277a299300e8abee3bec5fae7733d72c11c75c24c103414a20cd26b9d269b53b3d10ec6ffa8e2152cacb4a5c418cf66cf

  • SSDEEP

    12288:AMrLy90EXu3cbU+uOw2eJl0P6aq7VmnPJk6sDTtoepp9TMMYNmjdvjz1WNF58RYs:byiuU+uzm27iJ9sDarajpjzINf84vK

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks