General

  • Target

    d8508e022b198024d6af29e71c0f36644b322164649536acb402fb31b7e017c5

  • Size

    685KB

  • Sample

    241110-asxhjaykcm

  • MD5

    2cccce8766a0041757e84ba198f7ccaa

  • SHA1

    6f1a9b62fd910d70835412651ae57bd3e4c845a3

  • SHA256

    d8508e022b198024d6af29e71c0f36644b322164649536acb402fb31b7e017c5

  • SHA512

    2490bd23c605e52d52f627e7572a61557449df49e594ad87bb288abe1368f10b0ef197b97a9d1cfbb052d79f16453cd80c96b8ece91173e451c2fcd31add5558

  • SSDEEP

    12288:OMrpy90ShgkAOMogo/seaimPqAn1WZmxj/m2VhirKCsZzWvfXe1GOezgzPLHMP:zyjgkfRNaimVHxq2IK/Afu1GOeSu

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks