General

  • Target

    4a3600e096335e3cbd52595ec1b65cb6f53771ec5ac684768035119823005572

  • Size

    688KB

  • Sample

    241109-el34ysxcna

  • MD5

    b353666bbc70f4b8aefc6e4b99d53035

  • SHA1

    36c3473a5f09492ea6705cedd335b53f2360fdb7

  • SHA256

    4a3600e096335e3cbd52595ec1b65cb6f53771ec5ac684768035119823005572

  • SHA512

    de249546b0465e3648397b410a1ac1c57cbfc01255e468d8193cb098f0991fc219fd618e608a98c19350439c9f701c04c6e2aa5743f0806339d58e7a3d0b4b86

  • SSDEEP

    12288:HMrky90YMR/Blp0pMOjbehXoiFHPH1F86zykNMgzI9tzEZy2VYSf5fN:7y2JBTYRbko0P1FFzLk2VYkL

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      4a3600e096335e3cbd52595ec1b65cb6f53771ec5ac684768035119823005572

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks