General

  • Target

    79a4482cd65f617d06f1398f23e9d4a0848807df3f478fc28881ef65ec726e3c

  • Size

    553KB

  • Sample

    241109-eqft8axdkh

  • MD5

    1596f32af705dd89bb18052eb82479bd

  • SHA1

    7f6346ed73736a83c6fa0bbb123b461613fb8dc9

  • SHA256

    79a4482cd65f617d06f1398f23e9d4a0848807df3f478fc28881ef65ec726e3c

  • SHA512

    1d66f47674d4ef3773e04897bd7424bdde3d330c8dec3d72fbb5b37cd8231e1f919b2a734278005e962a10b9a2519180c742fa5c33a6abc23a9eed0100908830

  • SSDEEP

    6144:KUy+bnr+Gp0yN90QEqgbAnbPkWcnZNf0cbam4NP/w/pG4EEXQ7LJoxe6BVfKP6tW:UMrGy90AgkT11/k84rXIQBdKy5DhVfa

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks