General

  • Target

    81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30

  • Size

    766KB

  • Sample

    241110-cfs1pazmgj

  • MD5

    2dbff046d0b0ac35cf165e09c35e12e6

  • SHA1

    5e54b5371cc5800c0d99fde82e2a71de1d3105fd

  • SHA256

    81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30

  • SHA512

    a37063e57601afe092dcd2938220644172e7531cd5fc6453a2bf16fa74dfdcc1ab99c14b492c3f0f41ec2e7992b24a1c1192a9f1563aef6e2900c88b3288861c

  • SSDEEP

    12288:mMrYy90gij1IK8paSBKiRfgIGcLC9nCaHs0eUgPozF2lmXotPZmbxOtPYjUQQR95:OyE1IK8plB7RoIGagCaM0OohaFmsQQR/

Malware Config

Extracted

Family

redline

Botnet

dubna

C2

193.233.20.11:4131

Attributes

  • auth_value

    f324b1269094b7462e56bab025f032f4

Targets

    • Target

      81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30

    • Size

      766KB

    • MD5

      2dbff046d0b0ac35cf165e09c35e12e6

    • SHA1

      5e54b5371cc5800c0d99fde82e2a71de1d3105fd

    • SHA256

      81ceb417f7f25d885d94968131571ad537bf9685ce8a4deb724284f2cd5e1d30

    • SHA512

      a37063e57601afe092dcd2938220644172e7531cd5fc6453a2bf16fa74dfdcc1ab99c14b492c3f0f41ec2e7992b24a1c1192a9f1563aef6e2900c88b3288861c

    • SSDEEP

      12288:mMrYy90gij1IK8paSBKiRfgIGcLC9nCaHs0eUgPozF2lmXotPZmbxOtPYjUQQR95:OyE1IK8plB7RoIGagCaM0OohaFmsQQR/

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks