General

  • Target

    0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8

  • Size

    836KB

  • Sample

    241109-x5376szlcy

  • MD5

    ce8ef1c02582937e159390d6a71f0a7e

  • SHA1

    0004c774a6d22f7b976eab2bf6c7237c3c5e3c18

  • SHA256

    0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8

  • SHA512

    ccba6403d8d855e21a4ee6fc3a1246a44dfc5278c8f10b2f07cbc9cbb33684fb3173117ab07344452138382601d99a201d16f5ac88af723f5e43fdd5a14547d8

  • SSDEEP

    24576:oyjHkY9zEC4Koi7Rk24eYWsDJ31ix/FYT:vdRgq77st3E/F

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8

    • Size

      836KB

    • MD5

      ce8ef1c02582937e159390d6a71f0a7e

    • SHA1

      0004c774a6d22f7b976eab2bf6c7237c3c5e3c18

    • SHA256

      0cf69d5276784da26bd0da271df5ba1291f2466c636de3f9047febea8b2016c8

    • SHA512

      ccba6403d8d855e21a4ee6fc3a1246a44dfc5278c8f10b2f07cbc9cbb33684fb3173117ab07344452138382601d99a201d16f5ac88af723f5e43fdd5a14547d8

    • SSDEEP

      24576:oyjHkY9zEC4Koi7Rk24eYWsDJ31ix/FYT:vdRgq77st3E/F

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks