General

  • Target

    cd66c2887b7851c963038fcafa6fedf7770822fe42b82f18f3b09682883d87e8

  • Size

    545KB

  • Sample

    241109-fpsm3aybje

  • MD5

    df8c0998a330520a75f8793b8488dc0a

  • SHA1

    4cfa2d61ec7814becae9860b431ceabf167cb991

  • SHA256

    cd66c2887b7851c963038fcafa6fedf7770822fe42b82f18f3b09682883d87e8

  • SHA512

    8b69c6f84bb15a3c79115989221a12ffed30ed6219c9863b65b6ee70eb60898afcbc126480f624aabf2f98ed75841da3fae818ea018870c2de4bd83096fa441a

  • SSDEEP

    12288:FMrmy90tvExVUMw3TXo5qDFW0Z7yAf9yDZyhQ:TyeuVUBTYoFW0Z7xViwhQ

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks