General

  • Target

    4692152d4d96a81d5e2cf2846b5f48b9c06d3b0718dbdd1be1f15470b2fb0dc7

  • Size

    536KB

  • Sample

    241110-b6n9razlbp

  • MD5

    d362f8a86e6849613c7f2c21f5ea2a7d

  • SHA1

    aad28d5b37215b7188bae18b3617544624b32f60

  • SHA256

    4692152d4d96a81d5e2cf2846b5f48b9c06d3b0718dbdd1be1f15470b2fb0dc7

  • SHA512

    bb30cd7ba7f7212f071450c60243763a3cc29004b8860faa2db5fdacb5d9c1b3cab7932f58c02002e43d30457a8ac975a9169cb2f2c81380b36aed0d3d304691

  • SSDEEP

    12288:WMrty90j2cNc2os1OaFYctY5k3C6tglDCOV5bl:HysPN3OziY5k3BKDJVT

Malware Config

Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    • auth_value

      12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      4692152d4d96a81d5e2cf2846b5f48b9c06d3b0718dbdd1be1f15470b2fb0dc7


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks