General

  • Target

    0397e141693b5369846bd05cc07e548972c63af191041ee38afd6293e25187c4

  • Size

    545KB

  • Sample

    241110-bqqsmsvrez

  • MD5

    075d5b32d7cbae22fec177530c0e6848

  • SHA1

    aca0b9b2073e16c240058504fd7519fceebdb982

  • SHA256

    0397e141693b5369846bd05cc07e548972c63af191041ee38afd6293e25187c4

  • SHA512

    9a848026e9b016888ba381c716b0c54290ccdc224f376287cfa60f1def2c37b891fb6fcf4d40163fe85b8f486051e8c6b542fce656e4c822ea7027c6895def0c

  • SSDEEP

    12288:yMrHy90hNfIoKJfX78pZaLHEcX5SDFWEnrycN7VTpS2W:xyANf7IX78faLHEcJqFWEnr55NpHW

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks