General

  • Target

    5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3

  • Size

    656KB

  • Sample

    241110-b1y7rszkbl

  • MD5

    b48eb493412048c77c80ad7553268ee0

  • SHA1

    5261ea796670ea4fb0f719d7e1414fcb95823892

  • SHA256

    5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3

  • SHA512

    ef9c79be046a7a3c93dfd241d751ea8c5d565e84f17c894c77c95d54883e0c4413bb605fc760bb3d110dd83bc6d96e446612e6308f2bb20c7b9ad8aa5392bf54

  • SSDEEP

    12288:QMrHy90+e8yCCAYeKxiFy/C3XFRrYyU+u7vjlKLfdgjHT+X+eq2:HyPeVJsKN6HFRr5a7pIGjHkx

Malware Config

Extracted

Family

redline

Botnet

lint

C2

193.233.20.28:4125

Attributes
  • auth_value

    0e95262fb78243c67430f3148303e5b7

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
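
The extracted RedLine configuration (C2, botnet, auth_value) and the behavioural signatures above (Defender real-time protection tampering, Run-key persistence, hash identity of the sample) can be turned into offline checks. The script below is an added example, not code from the sandbox report or from the malware family; the hash, C2, botnet and auth_value literals are copied from the report, while the log and registry-event line formats, the sample lines, and the registry paths behind the two signatures are assumptions labelled in the code.

```python
"""
Added example (not part of the sandbox report): offline checks built from the
indicators in the report. Anything not copied from the report is an assumption
and is marked as such below.
"""
import hashlib
import re

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "b48eb493412048c77c80ad7553268ee0",
    "sha1": "5261ea796670ea4fb0f719d7e1414fcb95823892",
    "sha256": "5550d364d26ae279399d39a2049872ba6eccdf6bcbdcaf96cc689c08b704dad3",
}
C2 = ("193.233.20.28", 4125)
BOTNET = "lint"
AUTH_VALUE = "0e95262fb78243c67430f3148303e5b7"

# Registry locations behind the two behavioural signatures. These are
# well-known Windows paths chosen for the example, not taken from the report.
DEFENDER_RTP_POLICY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)


def hash_bytes(data: bytes) -> dict:
    """Compute the same digests the report lists, for a file already in memory."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_report_hashes(digests: dict) -> list:
    """Return the digest names whose value equals the report's value (sorted)."""
    return sorted(k for k, v in digests.items() if REPORT_HASHES.get(k) == v)


# Constructed connection-log format (assumption): one connection per line,
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<sip>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dip>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def find_c2_connections(log_lines) -> list:
    """Return (timestamp, src_ip) for every connection to the extracted C2 ip:port."""
    hits = []
    for line in log_lines:
        m = CONN_RE.match(line.strip())
        if m and m["dip"] == C2[0] and int(m["dport"]) == C2[1]:
            hits.append((m["ts"], m["sip"]))
    return hits


# Constructed registry-event format (assumption): one SetValue event per line,
#   <timestamp> <image> SetValue <key>\<value_name> = <data>
REG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<image>\S+)\s+SetValue\s+(?P<target>.+?)\s+=\s+(?P<data>.*)$"
)


def classify_registry_events(event_lines) -> list:
    """Tag registry writes matching the Defender-tampering and Run-key signatures."""
    findings = []
    run_keys = {k.lower() for k in RUN_KEYS}
    for line in event_lines:
        m = REG_RE.match(line.strip())
        if not m:
            continue
        key, _, value_name = m["target"].rpartition("\\")
        if key.lower() == DEFENDER_RTP_POLICY.lower():
            findings.append(("defender_rtp_modified", m["image"], value_name, m["data"]))
        elif key.lower() in run_keys:
            findings.append(("run_key_persistence", m["image"], value_name, m["data"]))
    return findings


if __name__ == "__main__":
    # Constructed sample input: these lines are made up to exercise the checks
    # and are not observations recorded in the report.
    conns = [
        "2024-11-10T06:01:02Z 10.0.0.5:51234 -> 193.233.20.28:4125 tcp",
        "2024-11-10T06:01:03Z 10.0.0.5:51235 -> 93.184.216.34:443 tcp",
    ]
    regs = [
        r"2024-11-10T06:00:58Z C:\Users\u\AppData\Local\Temp\a.exe SetValue "
        r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 1",
        r"2024-11-10T06:00:59Z C:\Users\u\AppData\Local\Temp\a.exe SetValue "
        r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater = C:\Users\u\AppData\Roaming\updater.exe",
    ]
    print(find_c2_connections(conns))
    print(classify_registry_events(regs))
    # Only the real sample bytes would match; arbitrary data returns [].
    print(match_report_hashes(hash_bytes(b"not the sample")))
```

The hash check is exact-match only; the SSDEEP value in the report is a fuzzy hash and needs the ssdeep library (not used here) to compare against near-identical builds. The C2 match is on ip:port, so a redeployed RedLine panel on another port or address will not be caught by this rule alone.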

MITRE ATT&CK Enterprise v15