General

  • Target

    455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3

  • Size

    687KB

  • Sample

    241109-gtkcxsyhra

  • MD5

    e6c787b3b118bc67f94a7ce4d0f8741a

  • SHA1

    45dfb9ca9ae71a771968ca8d6071822f0e96eef8

  • SHA256

    455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3

  • SHA512

    36a71af602e8204d010cdd7cafc4891dc982ba7d4f68af8b7e8957fa44754e38991a8034c7fbfa9136b3a7c71f6e37816a7b1f00a1cc5a80f98714bfc9482d4b

  • SSDEEP

    12288:RMrKy90BLO4jVk2+u9GmC75pLtPpCe8FOZTx9qO/qT7iVBPs6t3reK7VYCzZl95:jyeS4nwmC75JftjJqvikwn7VYCh5

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3

    • Size

      687KB

    • MD5

      e6c787b3b118bc67f94a7ce4d0f8741a

    • SHA1

      45dfb9ca9ae71a771968ca8d6071822f0e96eef8

    • SHA256

      455f2a035fe625508f42a80dbfe70e176f934ee3aee4d3217e92c3611c632fb3

    • SHA512

      36a71af602e8204d010cdd7cafc4891dc982ba7d4f68af8b7e8957fa44754e38991a8034c7fbfa9136b3a7c71f6e37816a7b1f00a1cc5a80f98714bfc9482d4b

    • SSDEEP

      12288:RMrKy90BLO4jVk2+u9GmC75pLtPpCe8FOZTx9qO/qT7iVBPs6t3reK7VYCzZl95:jyeS4nwmC75JftjJqvikwn7VYCh5

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks