General

  • Target

    cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e

  • Size

    1.2MB

  • Sample

    241109-xvhhqasrdm

  • MD5

    ac1510466e6364b9728c1c72e8b7e224

  • SHA1

    f0b6cdd5ef1efd204c866ce3f331f59579e49a2d

  • SHA256

    cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e

  • SHA512

    5f2786314aec8e8998af356cdca981ead39b2d8411274a8dfe1ca1da78c157e03df96ac451427fba18e969aac6e1c84cdca802219f1d97d01ffa59ce96b3b796

  • SSDEEP

    24576:W9h9DPt4hMaYTFBwZRvrtKJk5vZssiYQbrAfUPR:W/9D14dYTP85rtZ5TT4Af

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
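The indicators in this report (the sample hashes, the extracted RedLine C2 193.233.20.30:4125) and the two registry behaviours in the signature list (Defender real-time protection tampering, Run-key persistence) can be turned into a quick triage check over endpoint telemetry. The script below is an added example and is not part of the sandbox report or of the tooling that produced it. It parses Sysmon-style "Key=Value" event lines, which are constructed here for the demonstration, and flags the report's indicators. The registry locations used for the Defender and Run-key checks are assumptions: the report states only that the sample modifies Defender real-time protection settings and adds a Run key, without naming the values it writes, so the standard policy key and its well-known Disable* values are used.

```python
"""Triage Sysmon-style events against the indicators from the sandbox report.

Added example (not the report's own code). Hashes and C2 are copied from the
report; registry paths are assumptions (the report does not list them); the
event lines are constructed for the demonstration.
"""
import hashlib
import re

# Indicators copied from the report above.
IOC_HASHES = {
    "MD5": "ac1510466e6364b9728c1c72e8b7e224",
    "SHA1": "f0b6cdd5ef1efd204c866ce3f331f59579e49a2d",
    "SHA256": "cdfccb9c6cba33029d7bf898e82943a7156cf3652f564adf39095b138f09578e",
}
C2_HOST, C2_PORT = "193.233.20.30", "4125"

# Assumed locations for the two registry behaviours named in the report.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
}
RUN_KEY_SUFFIX = r"\Software\Microsoft\Windows\CurrentVersion\Run"

# One "Key=Value" pair per field; a value runs until the next " Key=" or end of
# line, so values with spaces (registry paths, "DWORD (0x...)") parse intact.
KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line: str) -> dict:
    return dict(KV.findall(line))


def file_matches_sample(data: bytes) -> bool:
    """True only if all three digests of the bytes match the report's sample."""
    return all(hashlib.new(alg.lower(), data).hexdigest() == digest
               for alg, digest in IOC_HASHES.items())


def hashes_field(ev: dict) -> dict:
    """Split Sysmon's 'Hashes=SHA256=...,MD5=...' field into {alg: digest}."""
    out = {}
    for part in ev.get("Hashes", "").split(","):
        alg, sep, digest = part.partition("=")
        if sep:
            out[alg.strip()] = digest.strip().lower()
    return out


def known_sample(ev: dict):
    """Process creation (EventID 1) of a binary whose hash is in the report."""
    if ev.get("EventID") != "1":
        return None
    seen = hashes_field(ev)
    if any(seen.get(alg) == digest for alg, digest in IOC_HASHES.items()):
        return f"known-sample:{ev.get('Image', '?')}"
    return None


def c2_beacon(ev: dict):
    """Network connection (EventID 3) to the extracted C2 host:port pair."""
    if (ev.get("EventID") == "3" and ev.get("DestinationIp") == C2_HOST
            and ev.get("DestinationPort") == C2_PORT):
        return f"c2-beacon:{ev.get('Image', '?')}->{C2_HOST}:{C2_PORT}"
    return None


def registry_tamper(ev: dict):
    """Registry value set (EventID 13) under the assumed Defender or Run keys."""
    if ev.get("EventID") != "13":
        return None
    key, _, value = ev.get("TargetObject", "").rpartition("\\")
    details = ev.get("Details", "")
    if key.lower() == DEFENDER_RTP_KEY.lower() and value in DEFENDER_RTP_VALUES:
        return f"defender-rtp-tamper:{value}={details}"
    if key.lower().endswith(RUN_KEY_SUFFIX.lower()):
        return f"run-key-persistence:{value}={details}"
    return None


CHECKS = (known_sample, c2_beacon, registry_tamper)


def triage(lines) -> list:
    findings = []
    for line in lines:
        ev = parse_event(line)
        for check in CHECKS:
            hit = check(ev)
            if hit:
                findings.append(hit)
    return findings


# Constructed Sysmon-style events: one process start of the sample, one C2
# connection, one benign connection, and the two registry writes.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\Public\upd.exe Hashes=SHA256=" + IOC_HASHES["SHA256"],
    r"EventID=3 Image=C:\Users\Public\upd.exe DestinationIp=193.233.20.30 DestinationPort=4125",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=203.0.113.10 DestinationPort=443",
    r"EventID=13 Image=C:\Users\Public\upd.exe TargetObject=" + DEFENDER_RTP_KEY
    + r"\DisableRealtimeMonitoring Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Users\Public\upd.exe TargetObject=HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
    + RUN_KEY_SUFFIX + r"\upd Details=C:\Users\Public\upd.exe",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The C2 is matched as a host:port pair rather than on the address alone, since a shared hosting address can be reassigned while the port 4125 pairing is specific to this configuration. The hash check catches only this exact 1.2MB file; repacked variants of the same RedLine build would need the report's SSDEEP value and a fuzzy-hash comparison instead.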

MITRE ATT&CK Enterprise v15

Tasks