General

  • Target

    76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936

  • Size

    553KB

  • Sample

    241110-b2jhpswkgs

  • MD5

    4588be228feeda8f8847374e918cdf97

  • SHA1

    e21fb7dbdd01c3345d8d1af067fa3309bbe3339b

  • SHA256

    76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936

  • SHA512

    cd15507cb10f2a3feb68512f6cfb8870e835f25f44c1f18a292a683159d8061a8e2daeb7bafca6d893ec9cb581f703d07d8733093250ad49597e69c677995b5e

  • SSDEEP

    12288:ZMrSy90/wXg3d2u2ah8TNegMYBWPcDtUO2lB:PyOb2zahyeNYYkhUOkB

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936

    • Size

      553KB

    • MD5

      4588be228feeda8f8847374e918cdf97

    • SHA1

      e21fb7dbdd01c3345d8d1af067fa3309bbe3339b

    • SHA256

      76421e971bc357635b8ae5e3f505e0a8495eee08fe21a608d7e6dd3f6b571936

    • SHA512

      cd15507cb10f2a3feb68512f6cfb8870e835f25f44c1f18a292a683159d8061a8e2daeb7bafca6d893ec9cb581f703d07d8733093250ad49597e69c677995b5e

    • SSDEEP

      12288:ZMrSy90/wXg3d2u2ah8TNegMYBWPcDtUO2lB:PyOb2zahyeNYYkhUOkB

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks