General

  • Target

    1eeb69d2e89daef4ab47c23e81bbc8c72d6be53b7a938ad49fba4a3df5b70f76

  • Size

    688KB

  • Sample

    241109-flhzfs1ker

  • MD5

    d2e8eb400454baaa36b63f0386fcdef7

  • SHA1

    f3326eda9acf4dbb06e84a49b23f36ac2cfd1126

  • SHA256

    1eeb69d2e89daef4ab47c23e81bbc8c72d6be53b7a938ad49fba4a3df5b70f76

  • SHA512

    167070c9584d273f03d85ce91bef4d8537864b72dc5151b88c516648089f2de9d7c92a451ac43198e2b26058ced9a8a46f87b3c7579578baf3388cbe8dbfb855

  • SSDEEP

    12288:3Mrgy90M6VnUG7OMzPaIMdlMpe2wWHxTsA9+radiTFAlgDbcmWL:Lyt6V5OMzP0aeTWHtss+22bbcZ

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
