General

  • Target

    c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321

  • Size

    537KB

  • Sample

    241110-btfrvawfkm

  • MD5

    fbac6d328aeb1b270ad8c4d99dc1fbfb

  • SHA1

    68155d8c80feaa30df1aad7aa71b0e96e3a38923

  • SHA256

    c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321

  • SHA512

    22a06a661cb8e37d5fa5d832fadc8ff489811e952f52ca380c7da177534fe9fb12e203b440a71bec2971fb17f9c1e7c87d8c7f7362636ffa765c0888b75cc847

  • SSDEEP

    12288:ZMrZy90ys90F7C1JXbm99d9EswyzQ9JRI+/16LIxhoyelpmMwHN:oybsWF+TbcesBIQ+hGlYHN

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
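The extracted config (C2 193.233.20.31:4125) and the behaviour signatures above (Defender real-time protection tampering, Run key persistence, execution of a dropped EXE) are the indicators a responder would turn into detection logic. The script below is an added example, not part of the sandbox report or of any vendor tooling: it matches the report's hashes and C2 endpoint, plus the two registry behaviours, against Sysmon-style events. The events are constructed for the example, the file paths and the Run value name are hypothetical, and the Defender value names under Real-Time Protection and the "DWORD (0x00000001)" Details format are assumptions about Sysmon's rendering.

```python
"""IOC and behaviour matching over constructed Sysmon-style events (added example)."""
import hashlib
import json

# Indicators taken from the report above.
IOC_HASHES = {
    "md5": "fbac6d328aeb1b270ad8c4d99dc1fbfb",
    "sha1": "68155d8c80feaa30df1aad7aa71b0e96e3a38923",
    "sha256": "c47b469955aaeb191d743a2f2a65ecef8f09b598e87724f84ac9faad7a7e4321",
}
C2_IP, C2_PORT = "193.233.20.31", 4125

# Registry markers for the two behaviour signatures. The Defender path and the
# "Disable*" value-name convention are assumptions, not taken from the report.
DEFENDER_RTP_DISABLE = "\\Windows Defender\\Real-Time Protection\\Disable"
RUN_KEY = "\\CurrentVersion\\Run\\"
DWORD_ONE = "DWORD (0x00000001)"  # assumed Sysmon rendering of a DWORD value of 1


def file_hashes(data: bytes) -> dict:
    """Hash file content the way the report lists it, for comparison with IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def sysmon_hashes(field_value: str) -> dict:
    """Parse Sysmon's 'MD5=..,SHA256=..' Hashes field into {algo: lowercase hexdigest}."""
    out = {}
    for part in field_value.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_event(ev: dict) -> list:
    """Return the names of every rule an event triggers (empty list if none)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the image hash with the known sample
        seen = sysmon_hashes(ev.get("Hashes", ""))
        if any(seen.get(algo) == digest for algo, digest in IOC_HASHES.items()):
            hits.append("known_sample_hash")
    elif eid == 3:  # network connection: exact match on the extracted C2 endpoint
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append("redline_c2_connection")
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        # Only a value of 1 disables the protection; setting it to 0 is not tampering.
        if DEFENDER_RTP_DISABLE in target and ev.get("Details") == DWORD_ONE:
            hits.append("defender_rtp_disabled")
        if RUN_KEY in target:
            hits.append("run_key_persistence")
    return hits


def scan(lines) -> list:
    """Run every rule over JSON-lines events; return (rule, image) pairs in log order."""
    findings = []
    for line in lines:
        ev = json.loads(line)
        for rule in match_event(ev):
            findings.append((rule, ev.get("Image", "")))
    return findings


# Constructed events (not real telemetry). Sysmon emits hashes in upper case.
SAMPLE_IMAGE = r"C:\Users\user\AppData\Local\Temp\sample.exe"  # hypothetical path
CONSTRUCTED_EVENTS = [
    {"EventID": 1, "Image": SAMPLE_IMAGE,
     "Hashes": "MD5=FBAC6D328AEB1B270AD8C4D99DC1FBFB,"
               "SHA256=C47B469955AAEB191D743A2F2A65ECEF8F09B598E87724F84AC9FAAD7A7E4321"},
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": SAMPLE_IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Roaming\updater.exe"},
    {"EventID": 3, "Image": SAMPLE_IMAGE, "DestinationIp": "193.233.20.31", "DestinationPort": 4125},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]
SAMPLE_LOG = [json.dumps(ev) for ev in CONSTRUCTED_EVENTS]

if __name__ == "__main__":
    for rule, image in scan(SAMPLE_LOG):
        print(f"{rule:24s} {image}")
```

The hash match is exact and therefore fragile against a repacked build; the C2 endpoint and the two registry behaviours survive repacking and are the indicators worth keeping in a hunt. The last two constructed events show the negative cases: a DNS lookup from a system binary and a Defender value being set to 0 produce no findings.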
