General

  • Target

    8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd

  • Size

    546KB

  • Sample

    241110-b52hpazkhn

  • MD5

    57406dfe7c00a6609236948c2298c797

  • SHA1

    78835d67390faf52218f4c931e3a8373aed57450

  • SHA256

    8c615691fb0b3e27f29de160eaf0256b3bcf414e5a971fd909462b459cc641fd

  • SHA512

    621435eca4375f104d453958fbd92849eb3caabccebf29bf21b8e4edc3a819522fa1da37b0703a3ad271ef55ea735d86e40cba68611dc58fdfd45f5307fb3dc6

  • SSDEEP

    12288:SMrKy90hn1JLK7Dc1gT/BgTmmfKMahlfrUlAKx/2QLPRU:EysJKOTnJahlfrUlAK/2oPRU

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks