General

  • Target

    4be766d822e8e4f9f1caa91b5cff8be0db6c8593b1b47e7f7d97260e421ab83e

  • Size

    688KB

  • Sample

    241109-y8sfhs1grk

  • MD5

    b784e3e919c88905218239b90d1c4a87

  • SHA1

    13e0acd9b5eb0f0df6fabb654c0718a83bffaf6a

  • SHA256

    4be766d822e8e4f9f1caa91b5cff8be0db6c8593b1b47e7f7d97260e421ab83e

  • SHA512

    4c4da1aa009d458a2063647eb0240f7614ff1f660a0b56a2223ff4c0ae9c9577f3e708e86648409bbe96a62b93466b46b54377fb742794adfc46793b40673df3

  • SSDEEP

    12288:jMrEy90E1uGlOfJeU5PUgiEbfwy8sIfVVmR9orM43xSYMtKbyDYrPb:ny+lgsUyUmLoY4hRM0ODYLb

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks