General

  • Target

    f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad

  • Size

    687KB

  • Sample

    241110-byjpaszjcp

  • MD5

    58b902d701362396602ee2ab59f924de

  • SHA1

    d8850d3cf228cf75f4eb4f36cf116e3a12738510

  • SHA256

    f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad

  • SHA512

    de4f026a9b57db5528d68096f39d15874e308bf8e742790f148dc02574a48b4bea374676881645e4bf406e8a68e611acf176d5fe46ea0e32a602269318fef9d9

  • SSDEEP

    12288:QMr0y908nbtcpKTe86HgQIXfNILcs3DpsIwftlM6EyMKK96muSKJkoaD:0ynuITigQMGcs3dtwfH7b8//KJ5g

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad

    • Size

      687KB

    • MD5

      58b902d701362396602ee2ab59f924de

    • SHA1

      d8850d3cf228cf75f4eb4f36cf116e3a12738510

    • SHA256

      f66e01543c444379d7d1e1e9ebb08917433ea5bd1abe7e7bb9341a7e2fac37ad

    • SHA512

      de4f026a9b57db5528d68096f39d15874e308bf8e742790f148dc02574a48b4bea374676881645e4bf406e8a68e611acf176d5fe46ea0e32a602269318fef9d9

    • SSDEEP

      12288:QMr0y908nbtcpKTe86HgQIXfNILcs3DpsIwftlM6EyMKK96muSKJkoaD:0ynuITigQMGcs3dtwfH7b8//KJ5g

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks