General

  • Target

    24e6f6bd1f307e1dbeac106138f011ab3bbbb4203294e37804fdbe07f7162d58

  • Size

    681KB

  • Sample

    241110-b5ph5awldx

  • MD5

    4257cebb55870fbc9332f502b55c1f34

  • SHA1

    e1571ceea85c50f60883c3a3925d233b2296387f

  • SHA256

    24e6f6bd1f307e1dbeac106138f011ab3bbbb4203294e37804fdbe07f7162d58

  • SHA512

    482d7179cb77dd64625898afdb64144e839879c4a1b23345fd5e1cc92f6dcd246ad15aa1e8900cbed058905f0f79791fe4dee1e484c43b3d5dd94a10805a9a44

  • SSDEEP

    12288:hMrNy90gmWGA46Rlfb4kel0kgBTPxA1cq/8zkgoywr6ukpy:0ybmF6RZ0Jl0ZTPS1F/8zkgoywr65py

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks