General

  • Target

    6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7

  • Size

    764KB

  • Sample

    241109-fre5ra1lek

  • MD5

    1152a8c0c424e3dec6af59369d9ea2fd

  • SHA1

    aab0bcae1bcdf43c886692eb6dcd85ca5f98f189

  • SHA256

    6d91ba5a63be719bd0eabf37076a443173bf171084d4bde0881ec94be5e7cae7

  • SHA512

    ea074eeca8fce56c427e78fdefea6a2342409cd491262c00ab9aef325de5b1c9d8b34c0fe98b190d6830ba53f88dc306a121ae0b580b49df5e8a05f01ed46221

  • SSDEEP

    12288:pMrOy901Mz8TWO2mof6gig+h4Ti0JAXGaKWMWPHddbYWxLOrepY3JgZ0jLJ:Dy1z8TB2Pv+hqi0u2bTWPHdSWxqrjJFV

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dubna

  • C2

    193.233.20.11:4131

  • Attributes
    • auth_value

      f324b1269094b7462e56bab025f032f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks