General

  • Target

    f923702f092880bda1f35a1e8fd6fdbf7b92a1bebf7bbeed226971fae178babf

  • Size

    540KB

  • Sample

    241109-xqqnjasqgp

  • MD5

    754e7f305808df0108e520c9ff30618c

  • SHA1

    ee981b260ec20c28f67873997d600b6786601166

  • SHA256

    f923702f092880bda1f35a1e8fd6fdbf7b92a1bebf7bbeed226971fae178babf

  • SHA512

    3273478482acda2cefc59fc26a0233b47c1645e37f9d11ecc5699850b2d9248bc9ca9b943befd4e2bf37c92bf7f26f20fc04cd9566feaaf23e8eb17cffad0d96

  • SSDEEP

    12288:lMray90hjvwscsnSjXedzdfYqzGzFJTfPmiHnvStxgD:jygzwscYSTy5QqzGzFJjPnHvSta

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      f923702f092880bda1f35a1e8fd6fdbf7b92a1bebf7bbeed226971fae178babf

    • Size

      540KB

    • MD5

      754e7f305808df0108e520c9ff30618c

    • SHA1

      ee981b260ec20c28f67873997d600b6786601166

    • SHA256

      f923702f092880bda1f35a1e8fd6fdbf7b92a1bebf7bbeed226971fae178babf

    • SHA512

      3273478482acda2cefc59fc26a0233b47c1645e37f9d11ecc5699850b2d9248bc9ca9b943befd4e2bf37c92bf7f26f20fc04cd9566feaaf23e8eb17cffad0d96

    • SSDEEP

      12288:lMray90hjvwscsnSjXedzdfYqzGzFJTfPmiHnvStxgD:jygzwscYSTy5QqzGzFJjPnHvSta

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
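The extracted config (C2 193.233.20.32:4125) and the behaviours flagged above (Defender real-time protection tampering, a dropped EXE being executed, Run-key persistence) translate directly into host and network hunting logic. The script below is an added example, not part of this sandbox report: it runs simple detection rules over constructed Sysmon-style log lines (a flattened key=value format chosen for the example, with event IDs 1, 3 and 13 as Sysmon uses them) and reports which report indicators each line matches. The Defender value names are the usual Real-Time Protection policy switches; the report only says those settings are modified, so treating these values as the candidates is an assumption, as are the file names in the sample lines.

```python
"""Hunt for the IOCs and behaviours in this report over Sysmon-style log lines.

Added example, not part of the sandbox report. Log lines are constructed;
the Defender value names are assumed, the hash and C2 come from the report.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report above.
C2_IP, C2_PORT = "193.233.20.32", 4125
SAMPLE_SHA256 = "f923702f092880bda1f35a1e8fd6fdbf7b92a1bebf7bbeed226971fae178babf"

# Registry locations to watch. The value names are the standard Real-Time
# Protection policy switches (assumption: the report does not name them).
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
# Matches HKU\<SID>\Software\...\Run\<name> and HKLM\...\Run\<name>.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed log lines (not from the report): one line per Sysmon event,
# fields separated by '|'. EventID 1 = process create, 3 = network connection,
# 13 = registry value set. File names and the SID are made up.
SAMPLE_LOG = r"""
EventID=1|Image=C:\Users\victim\Downloads\setup.exe|Hashes=SHA256=F923702F092880BDA1F35A1E8FD6FDBF7B92A1BEBF7BBEED226971FAE178BABF
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped1.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)
EventID=13|Image=C:\Users\victim\AppData\Local\Temp\dropped1.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater|Details=C:\Users\victim\AppData\Roaming\updater.exe
EventID=3|Image=C:\Users\victim\AppData\Local\Temp\dropped2.exe|DestinationIp=193.233.20.32|DestinationPort=4125
EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=203.0.113.5|DestinationPort=443
"""


@dataclass
class Finding:
    rule: str
    event: dict


def parse_line(line):
    """Parse one 'key=value|key=value' line into a dict (example format)."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def hunt(lines):
    """Apply the report-derived rules to each event; return the matches in order."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        eid = ev.get("EventID")
        if eid == "1":
            # Process creation: the sample itself (hash match, case-insensitive).
            if SAMPLE_SHA256.lower() in ev.get("Hashes", "").lower():
                findings.append(Finding("known_sample_executed", ev))
        elif eid == "3":
            # Network connection to the extracted RedLine C2 endpoint.
            if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == str(C2_PORT):
                findings.append(Finding("redline_c2_connection", ev))
        elif eid == "13":
            target = ev.get("TargetObject", "")
            key, _, value = target.rpartition("\\")
            # Defender real-time protection switched off via policy value = 1.
            if (key.lower() == DEFENDER_RTP_KEY.lower()
                    and value in DEFENDER_RTP_VALUES
                    and "0x00000001" in ev.get("Details", "")):
                findings.append(Finding("defender_rtp_disabled", ev))
            # Any write under a Run / RunOnce key is persistence.
            elif RUN_KEY_RE.search(target):
                findings.append(Finding("run_key_persistence", ev))
    return findings


def hunt_log(text):
    """Convenience wrapper for a multi-line log string."""
    return hunt(text.splitlines())


if __name__ == "__main__":
    for f in hunt_log(SAMPLE_LOG):
        print(f"{f.rule:24s} {f.event.get('Image')}")
```

In production the parser would read the real Sysmon XML or EVTX fields, but the rule logic stays the same: the C2 match should be extended with the port-agnostic IP as a weaker indicator, since RedLine operators rotate ports more often than hosts, and the Defender rule should also fire on the equivalent values under the non-policy Windows Defender key, which the sample's setting change may target instead.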

MITRE ATT&CK Enterprise v15