General

  • Target

    56bbf63b3995ced92bacbeb4136005a6f83a1033ad953321b1349aa9fe38f6b9

  • Size

    686KB

  • Sample

    241110-byfyeazjcm

  • MD5

    99260afcc492bff70d4df9e38177188b

  • SHA1

    a44c633e2ca541bc6a460398b05a10350ec04add

  • SHA256

    56bbf63b3995ced92bacbeb4136005a6f83a1033ad953321b1349aa9fe38f6b9

  • SHA512

    37b47c990a892c35be75da743fe30c807d738d8390906fbdb16e4cf4e24a97ee242a680e0bbbafd47611b95b158f27cdd125664be2bafb34742af648be5b9a32

  • SSDEEP

    12288:EMrsy90K2CFGzi0TA/ddj2JVDkLrtBULGieh4gdrqHfa6sby9xV:wy52CFkTidh2JVD4BULGieh4gFUiTbu

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks