General

  • Target

    66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c

  • Size

    537KB

  • Sample

    241109-fxz24sycnk

  • MD5

    4c1e8bfaa8e9843b599573399b653867

  • SHA1

    942abe1147ecd09ff4ad87160e910ab87993ff88

  • SHA256

    66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c

  • SHA512

    8eaef6b9c5c1f1671c2fe3f5f204ad0d1494282dbe0b52c2a6d4d840eae36a84edea0b7c319b5cc848be02bcafe789ad92a13f27b23460c331d4919210b4fd91

  • SSDEEP

    12288:EMrJy90qb04wcvEaWPKVplhEDxhU5xYVGmNIEQqPrbAp0:VyfbpFBCKVplekxY9bnPr7

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c

    • Size

      537KB

    • MD5

      4c1e8bfaa8e9843b599573399b653867

    • SHA1

      942abe1147ecd09ff4ad87160e910ab87993ff88

    • SHA256

      66a18c8185e38f9a765ca44d43319be3296dd0d44a3b4f3d306be6e50bcbf03c

    • SHA512

      8eaef6b9c5c1f1671c2fe3f5f204ad0d1494282dbe0b52c2a6d4d840eae36a84edea0b7c319b5cc848be02bcafe789ad92a13f27b23460c331d4919210b4fd91

    • SSDEEP

      12288:EMrJy90qb04wcvEaWPKVplhEDxhU5xYVGmNIEQqPrbAp0:VyfbpFBCKVplekxY9bnPr7

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks