General

  • Target

    0a10d36e603e8b095ac660fd725691f1899f7b402501b95cbb0b75f71d1f942e

  • Size

    546KB

  • Sample

    241109-x6qy8s1alh

  • MD5

    1e254450bef13a5b8a23b9b0c5581479

  • SHA1

    2a28749e16fa28ac5a905587bdce52d42f44255f

  • SHA256

    0a10d36e603e8b095ac660fd725691f1899f7b402501b95cbb0b75f71d1f942e

  • SHA512

    900557820fbf1107b063c4fb0970e4e693d0d81798426731057ec9b5f6ab448a953e4979f0ca08e5c90d65c2548b1301a9690a8cb73e992fea495b5cd1ede2fe

  • SSDEEP

    12288:qMrCy90QyD/OGheYKfztkPuZkYzIlW7Ifv:Uy3cLeYAztRNuln

Malware Config

Extracted

  • Family

    redline

  • Botnet

    sony

  • C2

    193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks