General

  • Target

    b2f8bc6f75148075e3023d5a9d4983783b9c6b939d2bc7b863ab99531d88d1ef

  • Size

    683KB

  • Sample

    241109-xpharszfnm

  • MD5

    a83d423ae8d811a6530b16f3cd3840a1

  • SHA1

    e7f2d963d8cbdb23076250e9c4787041eba38d6d

  • SHA256

    b2f8bc6f75148075e3023d5a9d4983783b9c6b939d2bc7b863ab99531d88d1ef

  • SHA512

    c8998186ae8acba704cb94c555363f8cea0362b66aef31106960510fa887ed014070a804d5ce22946a6ad95e8af967c0d009cb5f3a32068cc129901276a91e04

  • SSDEEP

    12288:eMr+y90wrQFIqxgvgBDGsLm3N/ITEnwS2kcB1k7255bgpquTqZc5aUJIk:kyTrQFxgvGDLLm3xuawS2h7wpLTqZc59

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15