General

  • Target

    99b15aeacdab05c4f3fcbcf0405ee88296997b00b7382af7289d98e66d4e7f22N

  • Size

    688KB

  • Sample

    241109-x4zhlatkcm

  • MD5

    abfce14a4505ab1e2e1efec82ed68ac0

  • SHA1

    2a8e9359438160b08466f2040b4841dca6b27e23

  • SHA256

    99b15aeacdab05c4f3fcbcf0405ee88296997b00b7382af7289d98e66d4e7f22

  • SHA512

    289404198c2131886c5e2d06af81810d12e2bf83993c3f11c5c1829f6f81e01af73de371a7abbae6e56d13077e36f663d4dd388962b83e27bdfa7cec7800defd

  • SSDEEP

    12288:GMr4y90+yjJXIg5wJDatXLPuEUrAvp5xsS6CclDWorcNBJhql+43x/PMbKbJfaYm:Sy0jJYJDatXL5UrGlqpDW+4BmY4hHM2k

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks