General

  • Target

    2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070

  • Size

    908KB

  • Sample

    241109-fqhjgsyblr

  • MD5

    d8849d08279effb603fdf0236655bb8e

  • SHA1

    8525858fe42b0166819dd23e35e663164bb0f664

  • SHA256

    2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070

  • SHA512

    03b2c942d3e05a19243ca4c8c99d5886407b542b79ff0e2a1fbf9347bcf6b8a6b8129f0eda8be41babbfde514d65e7e3952ffc2368524e8808cc058a7a1b68c7

  • SSDEEP

    12288:OMrry90UyInNymGEu3GyxAzkEW/frebIs4InAqRydsGCCKl0Ljpu/xN8k/do:VyKSsmw3nxAy6DwdsGCwpmNn/i

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070

    • Size

      908KB

    • MD5

      d8849d08279effb603fdf0236655bb8e

    • SHA1

      8525858fe42b0166819dd23e35e663164bb0f664

    • SHA256

      2be8fa7c6d84f8c4efdf5682c33c3d71b503ec6b7367c135e1a75495402ab070

    • SHA512

      03b2c942d3e05a19243ca4c8c99d5886407b542b79ff0e2a1fbf9347bcf6b8a6b8129f0eda8be41babbfde514d65e7e3952ffc2368524e8808cc058a7a1b68c7

    • SSDEEP

      12288:OMrry90UyInNymGEu3GyxAzkEW/frebIs4InAqRydsGCCKl0Ljpu/xN8k/do:VyKSsmw3nxAy6DwdsGCwpmNn/i

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks