General

  • Target

    ad043e13c9fddd8eaec1c9adc9878914efc118a892d72b33def1e224de33ca91

  • Size

    683KB

  • Sample

    241109-xmkywazeqb

  • MD5

    ca5241e253d180f94fc8cc42af178bc8

  • SHA1

    0ff66dbb8f6a93d5cbc504fd511fef9d37526674

  • SHA256

    ad043e13c9fddd8eaec1c9adc9878914efc118a892d72b33def1e224de33ca91

  • SHA512

    82b4070e6e5d42c666e9f9bc217059cac5dd0a471459af00161efbeba8dcbd851e04d955ffbdddfb4579a055e910f1640eb8fcddf27194f1febe8b6e95e97374

  • SSDEEP

    12288:3Mr8y90ZpwX5v5cIaegRWTW+VDRyjZlQkbBevBMTWF2tK9Oqechi8q6pe:zyowXzcIae0/jZlQW4MSseOqecwye

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      ad043e13c9fddd8eaec1c9adc9878914efc118a892d72b33def1e224de33ca91

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks