General

  • Target: b831d94f02ed135645c45de485331adcf9e2521d43e14f47d0ff06f72efd1a17
  • Size: 546KB
  • Sample: 241110-by3geawhnf
  • MD5: fa4c6e0f3e199496297488996333e57e
  • SHA1: 887afd22d2360c65f95c0344a9296f00873281bb
  • SHA256: b831d94f02ed135645c45de485331adcf9e2521d43e14f47d0ff06f72efd1a17
  • SHA512: 253104f3eecd4021f4b5c4b8fc02f69af560c2db716f1767fd7c84b8d8db3991213e9c9e73d0a8e5257d90a018b5123f375666f33c9701dd9796ab08638ac269
  • SSDEEP: 12288:oMrBy90M66gyPIHImBtBwLx5ETDNk4HaVwWKtl:JyT7jmExiTDKDq

Malware Config

Extracted

  • Family: redline
  • Botnet: down
  • C2: 193.233.20.31:4125
  • Attributes
    • auth_value: 12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
