General

  • Target

    016b5d4bc89a5ed469aef875c8d0f776e91ea0148983ef01b1e761c5e7e58933

  • Size

    689KB

  • Sample

    241109-zavcws1hmj

  • MD5

    5f25884763f171fd222a6dd539c1d057

  • SHA1

    4ad4451b63bc8aa8ed25e76a1b1fa177c8eba100

  • SHA256

    016b5d4bc89a5ed469aef875c8d0f776e91ea0148983ef01b1e761c5e7e58933

  • SHA512

    a9cc596fe53e8b98d8fa77cc80d03be7ff0e397b4567b59a5fac6f89af6fde466f1bd668a91c5d9c16ce721e37ad981f26cdf0dca834aefa5651e247e0275dfb

  • SSDEEP

    12288:MMr0y90tuB2bs9jn38eVrB+iOH3vyCWNMlf3ny9lKQaAx1i0ZgddBWnYQ1NQ:QyH2Q9rtVrBS/N8MVe0QaAxJZUdYYES

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks