General

  • Target

    7aa2bd6c4e0ccf4a5899eb24496f3e5c305985e1cb37eb634f1e3fcd46b61e5a

  • Size

    540KB

  • Sample

    241109-y6lvys1gpc

  • MD5

    8b834f31eec31ca79ff9244a03e277b2

  • SHA1

    48e7a53a0d44fbbb04a83743821ea4af4183d648

  • SHA256

    7aa2bd6c4e0ccf4a5899eb24496f3e5c305985e1cb37eb634f1e3fcd46b61e5a

  • SHA512

    b621506c029dd5dbd430ad74ec9036b0fa074624be3e90cdb3f576b5137deb35dc631766675188ad7dff01b3087b300af08ccbb053139cf57fb5579ce5ed907b

  • SSDEEP

    12288:SMrAy90RVHMM08Ti3joqtwuJyCjXSl5x2LJnPkj:ey4FM4i30cNo2XSYC

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
