General

  • Target

    f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6

  • Size

    688KB

  • Sample

    241109-epy96sxdnj

  • MD5

    98ed66fc95ebf595e311dd0249832d2f

  • SHA1

    333b871f4a6ea5029d554f7256c981af4aada1e0

  • SHA256

    f9a469fbee74f07a6e406c415cd555fb0670efd7c878718efba87b7e5892f5b6

  • SHA512

    46696d765721765312c8a97b1ee294cfac708eab3acf8a79a964d8a48b0e7a0bfefe15cabf37730638e0622052db6a2f0535ff019cbf5d77059ba9e09537a357

  • SSDEEP

    12288:YMrCy90MDMGiOG25tG0UBGb502/xDH4D5wzPfcEySufUdu1/:qyV4VOGkG03yaxDH4MPwk0/

Malware Config

Extracted

Family

redline

Botnet

vint

C2

193.233.20.30:4125

Attributes

  • auth_value

    fb8811912f8370b3d23bffda092d88d0

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks