General

  • Target

    2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0

  • Size

    551KB

  • Sample

    241109-f2rarsxpgw

  • MD5

    88d3e9b6e625cdacba31d52d21d704b4

  • SHA1

    8328ca10bb3660e64cd97f00b37f0a98b5fd4288

  • SHA256

    2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0

  • SHA512

    5076b4027c9d4e5747dc9bd1351a3019728ee04c03fe1dbedbdbb34ea3a28de1d68c2f5b787dd1b6af2a3ea51cbae5ba981710a58a253bade3b4d8d0712ac03c

  • SSDEEP

    12288:5Mrcy900/piANdQcIvW0CDIsmE7zXeEmJQVbrMxL:RythiBcW1hsR7zXxmJQJrcL

Malware Config

Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    auth_value: 12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0

    • Size

      551KB

    • MD5

      88d3e9b6e625cdacba31d52d21d704b4

    • SHA1

      8328ca10bb3660e64cd97f00b37f0a98b5fd4288

    • SHA256

      2ba0576ca6b2e86a20a17e9a8ded27450995c744759e4270cc2be8d49949fcf0

    • SHA512

      5076b4027c9d4e5747dc9bd1351a3019728ee04c03fe1dbedbdbb34ea3a28de1d68c2f5b787dd1b6af2a3ea51cbae5ba981710a58a253bade3b4d8d0712ac03c

    • SSDEEP

      12288:5Mrcy900/piANdQcIvW0CDIsmE7zXeEmJQVbrMxL:RythiBcW1hsR7zXxmJQJrcL

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks