General

  • Target

    f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd

  • Size

    689KB

  • Sample

    241109-y8tzca1jfv

  • MD5

    58044597d627fb4fd67e673c092dddb6

  • SHA1

    e0a2b76fe22c57849f550e871700bc04b6eada03

  • SHA256

    f32e7e2311fee8f79dc620afa9adcd9d1f39be4ad4af9a1eab31c3b7c47f28dd

  • SHA512

    5ab131591ff0b1fb1f7eec1c0cbfb46c8f295227c009d87c61430d0e31041198f5351d0725d57d5b84253245d7b145d45672f771605441eabd4a4d27da5e838d

  • SSDEEP

    12288:cMryy90249QmQwgrei2fH5fbfnIcgRUDICu3AXCAUnKBMDzCn8LW3ESy:GyncQJebH5fDvP8CQAXCNn9PCn863EB

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks