General

  • Target

    11319f059f1b07048f4a3bbb74d572114a9285dee03e2d58c66820b09efc578c

  • Size

    537KB

  • Sample

    241109-y1srba1fkm

  • MD5

    5503f56c0fe86da2ccd870ec59722d20

  • SHA1

    0d5062c655d60a387960a518474cd4e59c23a31f

  • SHA256

    11319f059f1b07048f4a3bbb74d572114a9285dee03e2d58c66820b09efc578c

  • SHA512

    97e90be98600cc5fc160afd7e8ba6dc28cdf59d37775bddecf6696a5a6f6c03596ca1e463ddac0f67ead29d1e4291a19f56ba10a5a7bca7a0aabe62af583e0e9

  • SSDEEP

    12288:LMr6y90D2V9BAMcAbL0gpOCitlhqDxhW3xYiGm+FZ8yMHBt:ByxVgvMp4loKxYy+dMHBt

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381
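The C2 endpoint and the SHA256 above are the indicators an analyst actually pivots on. As an added example (not part of the sandbox report), the following Python turns them into a hunt: it parses the `ip:port` value exactly as the report prints it, matches it against Zeek-style `conn.log` rows (constructed here, with a documentation-range IP as benign noise), separates exact ip+port hits from ip-only hits so shared hosting can be triaged rather than dropped, and emits a Suricata rule for the beacon. The rule's SID and the log rows are assumptions; the IOC values are the report's.

```python
"""Hunt for the RedLine C2 extracted in this report across connection logs.

Added example, not part of the sandbox report. The log rows are constructed;
the indicator values are copied from the report's Malware Config / General sections.
"""
import ipaddress
from dataclasses import dataclass

C2 = "193.233.20.31:4125"  # from "C2" in the extracted config
SAMPLE_SHA256 = "11319f059f1b07048f4a3bbb74d572114a9285dee03e2d58c66820b09efc578c"


@dataclass(frozen=True)
class C2Endpoint:
    ip: ipaddress.IPv4Address
    port: int


def parse_c2(value: str) -> C2Endpoint:
    """Parse 'ip:port' as printed in the report, rejecting malformed input."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not an ip:port value: {value!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    return C2Endpoint(ipaddress.IPv4Address(host), port_num)


# Constructed Zeek-style conn.log subset (tab-separated):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1731100001.123\tCabc1\t10.0.0.15\t49712\t193.233.20.31\t4125\ttcp
1731100002.456\tCabc2\t10.0.0.15\t49713\t198.51.100.7\t443\ttcp
1731100003.789\tCabc3\t10.0.0.22\t51002\t193.233.20.31\t443\ttcp
1731100004.000\tCabc4\t10.0.0.31\t50111\t193.233.20.31\t4125\ttcp
"""


def find_c2_connections(conn_log: str, c2: C2Endpoint) -> list[dict]:
    """Return rows whose responder IP is the C2.

    'ip_only' is True when the port differs from the reported one, so an
    analyst can weigh a possible shared host without losing the signal.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        if ipaddress.IPv4Address(resp_h) != c2.ip:
            continue
        hits.append({
            "ts": float(ts),
            "uid": uid,
            "src": orig_h,
            "dst": f"{resp_h}:{resp_p}",
            "ip_only": int(resp_p) != c2.port,
        })
    return hits


def suricata_rule(c2: C2Endpoint, sid: int) -> str:
    """Emit a Suricata rule for outbound traffic to the C2 (SID is a placeholder)."""
    return (
        f"alert tcp $HOME_NET any -> {c2.ip} {c2.port} "
        f'(msg:"RedLine C2 beacon (botnet down)"; flow:to_server,established; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


def sha256_is_sample(digest: str) -> bool:
    """Case-insensitive comparison of a file hash against the report's SHA256."""
    return digest.strip().lower() == SAMPLE_SHA256


if __name__ == "__main__":
    endpoint = parse_c2(C2)
    for hit in find_c2_connections(SAMPLE_CONN_LOG, endpoint):
        print(hit)
    print(suricata_rule(endpoint, sid=9000001))
```

Matching on the bare IP and flagging the port mismatch, rather than requiring ip+port, is deliberate: RedLine operators rotate ports on the same host, and a port-only mismatch is still worth a look.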

Targets

    • Target

      11319f059f1b07048f4a3bbb74d572114a9285dee03e2d58c66820b09efc578c

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
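Three of the behaviours listed above (Defender real-time protection modified, a Run key added, a dropped EXE executed) are visible in Sysmon telemetry on any host the sample ran on. The Python below, added here and not part of the sandbox report or of any vendor's signatures, classifies a constructed Sysmon-style event stream for them. It assumes the standard Defender real-time-protection and Run/RunOnce registry locations as the place the behaviour lands (the report names the behaviour, not the key), and every path and event in it is constructed.

```python
"""Detect the host behaviours this report flags from Sysmon-style events.

Added example, not part of the sandbox report or any vendor's signatures.
Registry locations are the standard Defender RTP and Run-key paths (an
assumption about where the behaviour lands); all events are constructed.
"""
import json
import re
from typing import Optional

DEFENDER_RTP_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\",
    re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)

DROPPER = r"C:\Users\victim\AppData\Local\Temp\stage1.exe"   # constructed path
PAYLOAD = r"C:\Users\victim\AppData\Roaming\svc\updater.exe"  # constructed path

# Constructed Sysmon events: 13 = registry value set, 11 = file create, 1 = process create.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": DROPPER, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 11, "Image": DROPPER, "TargetFilename": PAYLOAD},
    {"EventID": 13, "Image": DROPPER, "Details": PAYLOAD,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 1, "Image": PAYLOAD, "ParentImage": DROPPER},
    # Benign noise: a vendor installer registering a tray app from Program Files,
    # and a system process writing a Defender value that leaves protection on.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe", "Details": r"C:\Program Files\Vendor\tray.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
]


def _user_writable(path: str) -> bool:
    return bool(USER_WRITABLE_RE.search(path))


def classify_registry(event: dict) -> Optional[str]:
    """Label one registry-set event, or return None when it looks benign."""
    target = event.get("TargetObject", "")
    image = event.get("Image", "")
    details = event.get("Details", "")
    if DEFENDER_RTP_RE.search(target):
        # A Disable* switch set to 1, or any write from outside C:\Windows, is the
        # "Modifies Windows Defender Real-time Protection settings" behaviour (T1562.001).
        if "0x00000001" in details or not image.lower().startswith("c:\\windows\\"):
            return "defender_rtp_modified"
    if RUN_KEY_RE.search(target) and (_user_writable(details) or _user_writable(image)):
        # "Adds Run key to start application" pointing at, or written from, a
        # user-writable directory (T1547.001).
        return "run_key_persistence"
    return None


def detect(events: list[dict]) -> list[dict]:
    """Run the three checks over an ordered event stream and return alerts."""
    alerts = []
    dropped: dict[str, set[str]] = {}  # creating image -> files it wrote
    for ev in events:
        kind = ev.get("EventID")
        if kind == 13:
            label = classify_registry(ev)
            if label:
                alerts.append({"technique": label, "image": ev["Image"], "key": ev["TargetObject"]})
        elif kind == 11:
            dropped.setdefault(ev["Image"].lower(), set()).add(ev["TargetFilename"].lower())
        elif kind == 1:
            # "Executes dropped EXE": the parent launches a file it created earlier.
            parent = ev.get("ParentImage", "").lower()
            if ev["Image"].lower() in dropped.get(parent, set()):
                alerts.append({"technique": "executes_dropped_exe", "image": ev["Image"], "parent": ev["ParentImage"]})
    return alerts


if __name__ == "__main__":
    print(json.dumps(detect(SAMPLE_EVENTS), indent=2))
```

The drop-then-execute correlation keys on the creating image, so a legitimate installer that writes and launches its own files will also fire; in practice that check is scoped by combining it with the registry hits from the same process, which is exactly the chain this report lists.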

MITRE ATT&CK Enterprise v15

Tasks