General

  • Target: f3223141604cabe88da04de576adf880ea4faae04980823defe15dbcd115505e
  • Size: 850KB
  • Sample: 241109-fqnqhayblc
  • MD5: 170ba6adad30983f5f469868f6ec8453
  • SHA1: 522c209d130facb601b48f4aed467906d3149214
  • SHA256: f3223141604cabe88da04de576adf880ea4faae04980823defe15dbcd115505e
  • SHA512: 6b736dc93a32b679426762f7a23022d5ae5af958bec75e5b2472489bb7f44a75b28527918cf743b50bbdcd1ae3b8bea90ecbb8ea17d22dc4e1e51157442dffaf
  • SSDEEP: 24576:YyIPbLXgcp+ap++krXVwO84Y5OLaJveDS:fkbLX1ptp++AFwOZY5tve

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

  • auth_value: 93c20961cb6b06b2d5781c212db6201e

Targets

    • Target: f3223141604cabe88da04de576adf880ea4faae04980823defe15dbcd115505e
    • Size: 850KB
    • MD5: 170ba6adad30983f5f469868f6ec8453
    • SHA1: 522c209d130facb601b48f4aed467906d3149214
    • SHA256: f3223141604cabe88da04de576adf880ea4faae04980823defe15dbcd115505e
    • SHA512: 6b736dc93a32b679426762f7a23022d5ae5af958bec75e5b2472489bb7f44a75b28527918cf743b50bbdcd1ae3b8bea90ecbb8ea17d22dc4e1e51157442dffaf
    • SSDEEP: 24576:YyIPbLXgcp+ap++krXVwO84Y5OLaJveDS:fkbLX1ptp++AFwOZY5tve

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks