General

  • Target

    38fc37d74d59a9a1872a16354fedcb639a6fcc10eed4283d2f153fba9c97e603

  • Size

    682KB

  • Sample

    241109-ekcwdaxcmm

  • MD5

    9e4f865bd4d18f5618fdea189d90218b

  • SHA1

    4bb1d2b7765763fcdab1f607e89fa701b2167f19

  • SHA256

    38fc37d74d59a9a1872a16354fedcb639a6fcc10eed4283d2f153fba9c97e603

  • SHA512

    bd3b52ba629c1000caaaa84b683ae6d20f6335b077e5961aed28c1f6110ba9aeb3f3adf15221140dd9c74ea58a44c29fb5643c82213b4822afc14a03e2a70031

  • SSDEEP

    12288:aMrgy90GmtqC5UmF8YAsIbn6JWQZ2xk3BNZceU0CjoN33qaaMtJYvOg+O0:my2PAsrTZ2xedCUN33qaaMtJcOgX0

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      38fc37d74d59a9a1872a16354fedcb639a6fcc10eed4283d2f153fba9c97e603

    • Size

      682KB

    • MD5

      9e4f865bd4d18f5618fdea189d90218b

    • SHA1

      4bb1d2b7765763fcdab1f607e89fa701b2167f19

    • SHA256

      38fc37d74d59a9a1872a16354fedcb639a6fcc10eed4283d2f153fba9c97e603

    • SHA512

      bd3b52ba629c1000caaaa84b683ae6d20f6335b077e5961aed28c1f6110ba9aeb3f3adf15221140dd9c74ea58a44c29fb5643c82213b4822afc14a03e2a70031

    • SSDEEP

      12288:aMrgy90GmtqC5UmF8YAsIbn6JWQZ2xk3BNZceU0CjoN33qaaMtJYvOg+O0:my2PAsrTZ2xedCUN33qaaMtJcOgX0

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks