General

  • Target

    5d44bbb87475105c66172b76c1e36520bca0c7853a3dee3884b9c078d0672052

  • Size

    688KB

  • Sample

    241110-btx15awgnh

  • MD5

    780d5c2e03a91df5b264bfe540fabd9d

  • SHA1

    f7705a9f2404335464b00cda13d3b3a5faf9cfe1

  • SHA256

    5d44bbb87475105c66172b76c1e36520bca0c7853a3dee3884b9c078d0672052

  • SHA512

    28015a66346ca4f64b7338e96f497fded1021baaffd263ec022c6c0d0c2c80be276a71524248bc92d9e1843d414adacb811838a55c5ca9495cc40ff8a83af0df

  • SSDEEP

    12288:XMrHy90F9DW5wRKJfVWbGSxj1mT79gF8+tTEaICR43x3YMUKbZ+FRsOsM8:wyG9jKtV+GujQf9AKax4hoMVd+FRvsM8

Malware Config

Extracted

  • Family

    redline

  • Botnet

    boris

  • C2

    193.233.20.32:4125

  • Attributes

    auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application