General

  • Target

    56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4

  • Size

    821KB

  • Sample

    241110-bpkv1avrcy

  • MD5

    dd8421502b4f001f8117bbd26b91de2a

  • SHA1

    6a5db840a9759ea3c1a59ddfc47fc6098ef021be

  • SHA256

    56f91ebf6709430833d53a61844923d69aa957b8f09cca544ccb28fb2c3dccb4

  • SHA512

    e8665e126b1df53e50d21249023aa62ff37b5053ad30600dbfca7f01070bead4dd6f812118ca0c6f99aabdc23596cb8b8fa6584b43e70531289aec7a6f6badd5

  • SSDEEP

    12288:PMrqy908q/hj54pM7hmH1lHM/Z4Avf7Q+wyCEk1pG1AinfcMdvGPTBDPjz2:VyJq/NCEhiM/6Py63SbfcS8TBbjz2

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks