General

  • Target

    00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd

  • Size

    1.2MB

  • Sample

    241109-fs77xsybrp

  • MD5

    c4ea0d712091337f8c2dd6407e25eb7b

  • SHA1

    23f2d0ea1429f2a111e76996a52384989f28d521

  • SHA256

    00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd

  • SHA512

    d605ffa54303cf71c0e91fad1e229d03a5a05cc05aedc0412b6b5af18d405003a59fb94e8d9c08272ae8af0c4a16c9d1a60b03237af2f4cb17883db61a049b7a

  • SSDEEP

    24576:gj3K/AAOwOCmhhGrQdhrZuk/BJdQtcaDRC24Hqhb:gjOQ5FfdQtcIN

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd

    • Size

      1.2MB

    • MD5

      c4ea0d712091337f8c2dd6407e25eb7b

    • SHA1

      23f2d0ea1429f2a111e76996a52384989f28d521

    • SHA256

      00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd

    • SHA512

      d605ffa54303cf71c0e91fad1e229d03a5a05cc05aedc0412b6b5af18d405003a59fb94e8d9c08272ae8af0c4a16c9d1a60b03237af2f4cb17883db61a049b7a

    • SSDEEP

      24576:gj3K/AAOwOCmhhGrQdhrZuk/BJdQtcaDRC24Hqhb:gjOQ5FfdQtcIN

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
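The extracted configuration and the behavioural signatures listed above can be turned into a simple telemetry check. The following Python is an added example and not part of the sandbox report: the C2 endpoint and file hashes are copied from the report, but the log format and every log line are constructed, and the registry locations used for the "Modifies Windows Defender Real-time Protection settings" and "Adds Run key to start application" signatures are the standard paths assumed here because the report names only the behaviour, not the exact values written.

```python
"""Match the indicators from the report above against host/network telemetry.

Added example, not the sandbox's own logic. Log lines are constructed;
the registry paths below are assumed standard locations.
"""
import re
from typing import Dict, Iterable, List

# Indicators copied from the extracted config and hash list above.
C2_ENDPOINTS = {("193.233.20.30", 4125)}
SAMPLE_HASHES = {
    "md5": "c4ea0d712091337f8c2dd6407e25eb7b",
    "sha1": "23f2d0ea1429f2a111e76996a52384989f28d521",
    "sha256": "00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd",
}

# Assumption: standard locations behind the two behavioural signatures.
# The report states the behaviour only, not which values the sample sets.
DEFENDER_RTP_KEY = r"\microsoft\windows defender\real-time protection"
RUN_KEY = r"\microsoft\windows\currentversion\run"

# Constructed line format: '<type> k=v k="value with spaces" ...'
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> Dict[str, str]:
    """Split one telemetry line into its record type and key=value fields."""
    kind, _, rest = line.strip().partition(" ")
    fields = {k: v.strip('"') for k, v in _KV.findall(rest)}
    fields["type"] = kind
    return fields


def match_event(ev: Dict[str, str]) -> List[str]:
    """Return the names of the indicator rules this event satisfies."""
    hits: List[str] = []
    if ev["type"] == "net":
        try:
            port = int(ev.get("dport", "0"))
        except ValueError:
            port = 0
        # Port is part of the indicator: traffic to the IP on another port
        # is not by itself the RedLine C2 channel from this config.
        if (ev.get("dst"), port) in C2_ENDPOINTS:
            hits.append("redline_c2")
    elif ev["type"] == "file":
        for algo, digest in SAMPLE_HASHES.items():
            if ev.get(algo, "").lower() == digest:
                hits.append(f"sample_hash_{algo}")
    elif ev["type"] == "reg" and ev.get("op") == "set":
        key = ev.get("key", "").lower()
        if DEFENDER_RTP_KEY in key:
            hits.append("defender_rtp_modified")
        if key.endswith(RUN_KEY):
            hits.append("run_key_persistence")
    return hits


def scan(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Run every line through the rules and collect numbered findings."""
    findings: List[Dict[str, object]] = []
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        ev = parse_event(line)
        for rule in match_event(ev):
            findings.append({"line": n, "rule": rule, "event": ev})
    return findings


# Constructed sample telemetry: one benign connection, a dropped file with the
# reported SHA256, the two registry writes, the C2 connection, and traffic to
# the C2 address on a port that is not in the config (should not match).
SAMPLE_LOG = """\
net src=10.0.0.5 dst=192.0.2.10 dport=443 proto=tcp
file path="C:\\Users\\a\\AppData\\Local\\Temp\\1.exe" sha256=00924b43e5abbd9ed3f95fc3fcbc83925117bad52fa5c839589291210ae03acd
reg op=set key="HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Real-Time Protection" value=DisableRealtimeMonitoring data=1
reg op=set key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" value=1.exe data="C:\\Users\\a\\AppData\\Local\\Temp\\1.exe"
net src=10.0.0.5 dst=193.233.20.30 dport=4125 proto=tcp
net src=10.0.0.5 dst=193.233.20.30 dport=80 proto=tcp
""".splitlines()

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"line {f['line']}: {f['rule']}")
```

The hash match is exact, so it only catches this build of the sample; the registry and C2 rules are the ones that generalise to other drops, and the port check on the C2 rule is deliberate so that unrelated traffic to a shared host does not fire it.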

MITRE ATT&CK Enterprise v15

Tasks