General

  • Target

    bbf4b836a507eaef6e57e1406071b5173a02a9fd1bd6a47b404759c6b5625b09

  • Size

    688KB

  • Sample

    241109-x6yn3stkfn

  • MD5

    bd2b426c6da8d72e934d1d041f41090f

  • SHA1

    ea44ebd6b974d78847dfc99c1b76849d030e328e

  • SHA256

    bbf4b836a507eaef6e57e1406071b5173a02a9fd1bd6a47b404759c6b5625b09

  • SHA512

    cec291540b622a1d7fbd810eb39844a5ad1690930ea7840905048e2be25abab22ab4ee5c98b6311250e65c823448ab652eb8a4903bc441bf28758c35bee0bf8f

  • SSDEEP

    12288:iMrBy90/qNmlkp1dcm2f/rhjNIOytsq0aKus+c8lwY:3yVr1dcm2f/th2tYssAlwY

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      bbf4b836a507eaef6e57e1406071b5173a02a9fd1bd6a47b404759c6b5625b09

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks