General

  • Target

    c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886

  • Size

    556KB

  • Sample

    241109-x6ma2s1alf

  • MD5

    0ab4db145aa877157b1b5e963b055f8e

  • SHA1

    e260b3c66c26e0e61e124a4a2f94b2f8f60b52ad

  • SHA256

    c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886

  • SHA512

    aeddd2216971bf5a9b3c500a4da1aaf7af02354845c7d2e39312a39d88acec973151ecc1c7986c2c2362fb06f0e5b871a6a9413ac4b2b3f1c534836107691cf9

  • SSDEEP

    12288:ZMrLy905mXmFCyEv7RUd7WZd/qoQFq8PH3Pgw:WyHXmFBE72dElQxf/F

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886

    • Size

      556KB

    • MD5

      0ab4db145aa877157b1b5e963b055f8e

    • SHA1

      e260b3c66c26e0e61e124a4a2f94b2f8f60b52ad

    • SHA256

      c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886

    • SHA512

      aeddd2216971bf5a9b3c500a4da1aaf7af02354845c7d2e39312a39d88acec973151ecc1c7986c2c2362fb06f0e5b871a6a9413ac4b2b3f1c534836107691cf9

    • SSDEEP

      12288:ZMrLy905mXmFCyEv7RUd7WZd/qoQFq8PH3Pgw:WyHXmFBE72dElQxf/F

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
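The report above gives one network indicator (the RedLine C2 at 193.233.20.32:4125), the sample hashes, and three host behaviours (Defender real-time protection tampering, a dropped EXE being executed, and a Run key for persistence). The following Python, added here as an illustration and not part of the sandbox report or of any vendor tooling, turns those into checks that can be run over Sysmon-style process, registry and network events. The report does not name the exact registry values this sample writes, so the Defender value names and the Run/RunOnce paths are the commonly abused ones and are an assumption; the event records are constructed for the demo.

```python
import re

# Indicators copied from the report above.
C2_HOST = "193.233.20.32"
C2_PORT = 4125
SAMPLE_SHA256 = "c670dee508f57e57f56a58dc518807ce0b6963355c03a7d0a86da8dde6f10886"

# Registry locations behind "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key to start application". The report does not say
# which values this sample writes; these are the usual ones (assumption).
DEFENDER_RTP_KEYS = {
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
    r"hklm\software\microsoft\windows defender\real-time protection",
}
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Sysmon records HKCU as HKU\<SID>; Run and RunOnce both count as persistence.
RUN_KEY_RE = re.compile(
    r"^hk(lm|cu|u\\[^\\]+)\\software\\microsoft\\windows\\currentversion\\run(once)?\\[^\\]+$",
    re.IGNORECASE,
)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]+)\)", re.IGNORECASE)


def classify(event):
    """Return the finding labels that one Sysmon-style event dict triggers."""
    findings = []
    eid = event.get("EventID")
    if eid == 3:  # network connection
        if (event.get("DestinationIp") == C2_HOST
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            findings.append("redline_c2_connection")
    elif eid == 13:  # registry value set
        target = event.get("TargetObject", "")
        key, _, value = target.rpartition("\\")
        m = DWORD_RE.search(event.get("Details", ""))
        # Only a value of 1 disables protection; a reset to 0 is not a hit.
        if (key.lower() in DEFENDER_RTP_KEYS and value.lower() in DEFENDER_RTP_VALUES
                and m and int(m.group(1), 16) == 1):
            findings.append("defender_rtp_disabled")
        if RUN_KEY_RE.match(target):
            findings.append("run_key_persistence")
    elif eid == 1:  # process creation
        hashes = event.get("Hashes", "").upper()
        if "SHA256=" + SAMPLE_SHA256.upper() in hashes:
            findings.append("known_sample_executed")
    return findings


def triage(events):
    """Map each finding label to the indices of the events that produced it."""
    hits = {}
    for i, ev in enumerate(events):
        for label in classify(ev):
            hits.setdefault(label, []).append(i)
    return hits


# Constructed telemetry for the demo; not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"EventID": 3, "DestinationIp": "193.233.20.32", "DestinationPort": "4125"},
    # Lookalikes that must not fire: same host on another port, and a
    # Defender value being set back to 0.
    {"EventID": 3, "DestinationIp": "193.233.20.32", "DestinationPort": "443"},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

if __name__ == "__main__":
    for label, idx in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{label}: events {idx}")
```

The C2 match is deliberately host-and-port: a single IP on a shared hosting range is a weak indicator on its own, and the port from the extracted config is what ties a connection to this configuration. The Defender check requires the value to be set to 1, so a policy reset to 0 is not reported.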

MITRE ATT&CK Enterprise v15

Tasks