General

  • Target

    e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e

  • Size

    1.0MB

  • Sample

    241110-at8xysykep

  • MD5

    0627c24a9040e5c3ede5a1904357b70e

  • SHA1

    bdd294c6ecba0fb6e95d2c42d302abfef52f7306

  • SHA256

    e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e

  • SHA512

    67075ce9142b6cd1dad82a877af560aa12a4e4ea00c76a776b04b38c16713dacb41f2fdaf8c9b47279e471822b26310701ebf0ab94f4a9bb70784cc7477c8f04

  • SSDEEP

    24576:CyWiLUGQSxgWFUo1B4wWTrDID20MASeZd3qUpcRLs:pWiLUDWFDzuaZRLP2

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e

    • Size

      1.0MB

    • MD5

      0627c24a9040e5c3ede5a1904357b70e

    • SHA1

      bdd294c6ecba0fb6e95d2c42d302abfef52f7306

    • SHA256

      e23e6faf505246e370596381f2eb6d7f35ea3dcefaa4960f8960c9e9e7e5239e

    • SHA512

      67075ce9142b6cd1dad82a877af560aa12a4e4ea00c76a776b04b38c16713dacb41f2fdaf8c9b47279e471822b26310701ebf0ab94f4a9bb70784cc7477c8f04

    • SSDEEP

      24576:CyWiLUGQSxgWFUo1B4wWTrDID20MASeZd3qUpcRLs:pWiLUDWFDzuaZRLP2

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks