General

  • Target

    57fced681c0accdb47c63bd6546c8da9c31422089d2f3c01576343fdc664e15e

  • Size

    670KB

  • Sample

    241110-bzpa6szjgk

  • MD5

    e01c954f0ab07eac9661e338a2a43264

  • SHA1

    35a05dc6b3c17a6eb97b4c2ae1255298a96eb954

  • SHA256

    57fced681c0accdb47c63bd6546c8da9c31422089d2f3c01576343fdc664e15e

  • SHA512

    e3ecac72875626a13d46bfc0f72ace63cce3c2b10b192c879ac7318b8d9abf02af307828a78988f767a2f534efe1820c8812b31b98b76e2e40119b05578e2f74

  • SSDEEP

    12288:hMruy907cscP/qXAIxy7wJ3hhQ3fKEcHmRp5LeuvGS0gwgqkhnd:byqlcKXAsJ3tHmRrKiGPkhnd

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks