General

  • Target

    2983f2ea55d38ff610717cdf7d1f7f538997f6ae99f0e70e77ff67f755b71528

  • Size

    682KB

  • Sample

    241110-by5a1awkb1

  • MD5

    c195b1ba759e9c6fff21b1962d0a2dba

  • SHA1

    ca381b411e45d2f8cb410a9ed316d2cc737946c3

  • SHA256

    2983f2ea55d38ff610717cdf7d1f7f538997f6ae99f0e70e77ff67f755b71528

  • SHA512

    d86c69026cf05de6c3d8be6d46e0894ba2556b22d073a820a24be10b9490f0f48d5cbe15c69ce2fc0d7cd6024a180dc8094fb0fa6cb921aabc3d3d50eb6237d0

  • SSDEEP

    12288:oMrXy90xjN9+M2bELYAJiixfx5kOBmHyOMq0t79G:vy2l2b2Rx5r+yOMq0tM

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      2983f2ea55d38ff610717cdf7d1f7f538997f6ae99f0e70e77ff67f755b71528

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
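
The config block above gives a file hash set and a single C2 endpoint, and the signatures describe three host behaviours: Defender real-time protection tampering, a Run key for persistence, and execution of a dropped EXE. The script below is an added example, not part of the Triage report or of any vendor tooling: it turns those indicators into a matcher that hashes a file against the report's values and correlates Sysmon-style telemetry per process. The telemetry records, the process names and the registry paths used to recognise the Defender and Run-key behaviours are assumptions made for the example; the report lists the behaviours but not the exact keys touched.

```python
"""
IOC and behaviour matcher for the RedLine sample in the report above.
Added example, not part of the Triage report. The telemetry records below are
constructed to resemble Sysmon events and are not from the sandbox run.
"""
import hashlib
import re
from collections import defaultdict

# File hashes and C2 endpoint copied verbatim from the report.
FILE_HASHES = {
    "md5": "c195b1ba759e9c6fff21b1962d0a2dba",
    "sha1": "ca381b411e45d2f8cb410a9ed316d2cc737946c3",
    "sha256": "2983f2ea55d38ff610717cdf7d1f7f538997f6ae99f0e70e77ff67f755b71528",
}
C2_HOST, C2_PORT = "193.233.20.33", 4125

# Assumption: the report's "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key" signatures are recognised here on the registry
# paths those behaviours normally touch. The report does not name the keys.
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def hash_matches(data: bytes) -> dict:
    """Hash the bytes with each algorithm the report lists and compare to the IOCs."""
    return {
        name: getattr(hashlib, name)(data).hexdigest() == expected
        for name, expected in FILE_HASHES.items()
    }


def classify_event(event: dict):
    """Map one telemetry record to a behaviour label, or None if uninteresting."""
    if event["type"] == "network":
        # Any connection to the C2 host is flagged; the port is recorded by the caller.
        if event["dst_ip"] == C2_HOST:
            return "redline_c2"
    elif event["type"] == "registry" and event["op"] == "set":
        if DEFENDER_RTP_RE.search(event["key"]):
            return "defender_rtp_tamper"
        if RUN_KEY_RE.search(event["key"]):
            return "run_key_persistence"
    return None


def correlate(events):
    """
    Group behaviour labels per process image. A Run-key write on its own is weak
    evidence (installers do it legitimately), so a process is 'malicious' only
    when C2 traffic or Defender tampering is seen for the same image; a lone
    Run-key write is only 'suspicious'.
    """
    behaviours = defaultdict(set)
    for ev in events:
        label = classify_event(ev)
        if label:
            behaviours[ev["image"]].add(label)
    strong = {"redline_c2", "defender_rtp_tamper"}
    return {
        image: ("malicious" if labels & strong else "suspicious")
        for image, labels in behaviours.items()
    }


# Constructed sample telemetry (not from the sandbox run); process names are made up.
SAMPLE_EVENTS = [
    {"type": "network", "image": r"C:\Users\Public\build.exe",
     "dst_ip": "193.233.20.33", "dst_port": 4125},
    {"type": "registry", "op": "set", "image": r"C:\Users\Public\build.exe",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"type": "registry", "op": "set", "image": r"C:\Users\Public\build.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "network", "image": r"C:\Windows\System32\svchost.exe",
     "dst_ip": "8.8.8.8", "dst_port": 53},
    {"type": "registry", "op": "set", "image": r"C:\Program Files\Vendor\setup.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray"},
]

if __name__ == "__main__":
    for image, verdict in sorted(correlate(SAMPLE_EVENTS).items()):
        print(f"{verdict:10} {image}")
    print(hash_matches(b"placeholder bytes, not the sample"))
```

Run it against real telemetry by replacing `SAMPLE_EVENTS` with records exported from your EDR or Sysmon pipeline in the same shape; `hash_matches` is meant for the dropped EXE recovered from disk, since the report's hashes describe the 682KB file itself and not the memory-resident payload.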
