General

  • Target

    165ab18e04a1a7b9c01dee599e4a278499e2dde92d1e75e3f8fe6dcd01cf07a0

  • Size

    688KB

  • Sample

    241109-fx973sycnm

  • MD5

    06ef43028d863cb80499a8e79c43fcf6

  • SHA1

    7158045e2fac1df01d13bdf9d4cbea48583fdafe

  • SHA256

    165ab18e04a1a7b9c01dee599e4a278499e2dde92d1e75e3f8fe6dcd01cf07a0

  • SHA512

    54564989557057ea3f91de2dc396a485598d7e0f36fc395a5e2222268ae5d164ab95ad7759800ee51730e0506874c4eaf3190e3e142a3f56a8cd490f9f3a2301

  • SSDEEP

    12288:1Mroy907T3VKh+tMTJaLJv2Ximw4IfVVmyJJs43xEYMTKbYS4lvewEIeeZX:Fy63VBtMdaLJuSmwVmgu4hbM+lDws8X

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      165ab18e04a1a7b9c01dee599e4a278499e2dde92d1e75e3f8fe6dcd01cf07a0

    • Size

      688KB

    • MD5

      06ef43028d863cb80499a8e79c43fcf6

    • SHA1

      7158045e2fac1df01d13bdf9d4cbea48583fdafe

    • SHA256

      165ab18e04a1a7b9c01dee599e4a278499e2dde92d1e75e3f8fe6dcd01cf07a0

    • SHA512

      54564989557057ea3f91de2dc396a485598d7e0f36fc395a5e2222268ae5d164ab95ad7759800ee51730e0506874c4eaf3190e3e142a3f56a8cd490f9f3a2301

    • SSDEEP

      12288:1Mroy907T3VKh+tMTJaLJv2Ximw4IfVVmyJJs43xEYMTKbYS4lvewEIeeZX:Fy63VBtMdaLJuSmwVmgu4hbM+lDws8X

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
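The indicators on this page (the file hashes, the RedLine C2 193.233.20.32:4125, and the behavioural signatures for Defender real-time protection tampering and Run key persistence) are most useful once turned into a hunting check. The block below is an added example, not part of the sandbox report and not tooling from the sandbox vendor: it parses a constructed key=value telemetry format (an assumption, not a real product's log format), flags records that match the report's C2, hash and registry behaviours, and offers a helper for comparing a local file's digests with the ones listed above. The Run key path is the standard Windows autostart location; the Defender policy path used for the real-time protection check is an assumption, since the report only states that the settings were modified, not which value was written.

```python
from __future__ import annotations

import hashlib
import re
from typing import Optional

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "06ef43028d863cb80499a8e79c43fcf6",
    "sha1": "7158045e2fac1df01d13bdf9d4cbea48583fdafe",
    "sha256": "165ab18e04a1a7b9c01dee599e4a278499e2dde92d1e75e3f8fe6dcd01cf07a0",
}
C2_ENDPOINTS = {("193.233.20.32", 4125)}

# Registry locations behind the two behavioural signatures. The Run key path is
# the standard autostart location; the Defender policy path is an assumption
# about where the sample writes (the report only says settings were modified).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.IGNORECASE)

# Assumed telemetry format: a record type followed by key=value fields, where
# values containing spaces are double-quoted.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def file_hashes(data: bytes) -> dict:
    """Compute the digests the report lists, so a local file can be compared."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def file_matches_report(data: bytes) -> bool:
    """True if any digest of `data` equals the report's digest for that algorithm."""
    digests = file_hashes(data)
    return any(digests[algo] == value for algo, value in IOC_HASHES.items())


def parse_record(line: str) -> tuple[str, dict]:
    """Split one telemetry line into its record type and a field dict."""
    rtype, _, rest = line.strip().partition(" ")
    fields = {}
    for m in FIELD_RE.finditer(rest):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return rtype, fields


def classify(line: str) -> Optional[str]:
    """Return the name of the report signature a record matches, or None."""
    rtype, f = parse_record(line)
    if rtype == "NET":
        try:
            if (f.get("dst"), int(f.get("dport", -1))) in C2_ENDPOINTS:
                return "redline_c2"
        except ValueError:
            return None
    elif rtype == "REG" and f.get("op") == "SetValue":
        key = f.get("key", "")
        if DEFENDER_RTP_RE.search(key):
            return "defender_rtp_modified"
        if RUN_KEY_RE.search(key):
            return "run_key_persistence"
    elif rtype == "FILE" and f.get("sha256", "").lower() == IOC_HASHES["sha256"]:
        return "known_sample_hash"
    return None


def scan(lines) -> list[tuple[str, str]]:
    """Run classify() over an iterable of lines; return (signature, line) hits."""
    hits = []
    for line in lines:
        sig = classify(line)
        if sig:
            hits.append((sig, line.strip()))
    return hits


# Constructed sample telemetry for demonstration; not from the sandbox run.
SAMPLE_LOG = """\
NET src=10.0.0.5 dst=142.250.74.46 dport=443 proto=tcp
NET src=10.0.0.5 dst=193.233.20.32 dport=4125 proto=tcp
REG op=SetValue key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\WinUpdate" data="C:\\Users\\user\\AppData\\Roaming\\svc.exe"
REG op=SetValue key="HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring" data=1
FILE path="C:\\Users\\user\\Downloads\\setup.exe" sha256=165ab18e04a1a7b9c01dee599e4a278499e2dde92d1e75e3f8fe6dcd01cf07a0
""".splitlines()

if __name__ == "__main__":
    for sig, line in scan(SAMPLE_LOG):
        print(f"{sig:24s} {line}")
```

The C2 match is deliberately on the ip:port pair rather than the IP alone, since stealer infrastructure is frequently shared hosting and the port from the extracted config is what ties a connection to this botnet; the two registry checks are independent of the C2 so they still fire on a sample of the same family with a different config.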

MITRE ATT&CK Enterprise v15

Tasks