General

  • Target

    3d32ae7f799a5b8317355cc55d563b17634d5f162627ae51de108b1342fd3d2f

  • Size

    819KB

  • Sample

    241109-eqa9qsxdnp

  • MD5

    1cd64c65620420f45fb1e50e0dffac49

  • SHA1

    55a1e33f4e019baae9e275aeace8ee57629ba467

  • SHA256

    3d32ae7f799a5b8317355cc55d563b17634d5f162627ae51de108b1342fd3d2f

  • SHA512

    06b2cd4b6759689a02881ffb84ccd4aeeba471f050b771c5287fe72c715d262194beb758c61a853180b35008c91bed8124f41de9fd6cee344d6ec326343b8b18

  • SSDEEP

    24576:TyJK1ab0hLl+4TXfJttWUL9EqTZZV8UX/kzyTEk:mJK1abklvJrZTZ/EyTE

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      3d32ae7f799a5b8317355cc55d563b17634d5f162627ae51de108b1342fd3d2f

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
