General

  • Target

    e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0

  • Size

    690KB

  • Sample

    241110-a7rwlaymdr

  • MD5

    70046d70b16ce7045edc2ec277b4a08c

  • SHA1

    0a21d8f0f330de0e3e1e7428f761464e3fc1c22d

  • SHA256

    e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0

  • SHA512

    494d84e9d06694a34b85eee575a6f9abd8b7e4207b05dc178e4acbda27547dd4aed9ef4a97eda936bff9cb330a1bc35b6ddcff3f83939ef3e142e999d7519394

  • SSDEEP

    12288:aMrsy90qDfCw0t1/UN7sCZ6yLdngq/Czjc79ErdQW2sY:qyJn0tVUuJydnz/Czw9EuN

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0

    • Size

      690KB

    • MD5

      70046d70b16ce7045edc2ec277b4a08c

    • SHA1

      0a21d8f0f330de0e3e1e7428f761464e3fc1c22d

    • SHA256

      e0d36218f9e1d4314f5e57da1ef57853b9dcfbca6801925103aac2476b47f2b0

    • SHA512

      494d84e9d06694a34b85eee575a6f9abd8b7e4207b05dc178e4acbda27547dd4aed9ef4a97eda936bff9cb330a1bc35b6ddcff3f83939ef3e142e999d7519394

    • SSDEEP

      12288:aMrsy90qDfCw0t1/UN7sCZ6yLdngq/Czjc79ErdQW2sY:qyJn0tVUuJydnz/Czw9EuN

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks