General

  • Target

    dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620

  • Size

    540KB

  • Sample

    241110-cmcx2swpfs

  • MD5

    d72131bd8a2940d0ee116bfbda70de30

  • SHA1

    5ec69148b94b80c42aca478d91c0fc59e5c7d968

  • SHA256

    dba9fe09f8922be8cb2d10af5e7147cba1914816fc4946587e0aa13994921620

  • SHA512

    87ed6c40cb3691d27131e319c484b7d57287fa8232b2bcfff1246081724e677b2f89aa7923a8c49bf8dd783be70c553945b7c1810458461e7f3b8b1869e4868f

  • SSDEEP

    12288:0Mrby90OkH7+ieLkbFfsRbrsRHSr+n7m70WKWmlKugV2+:PyFkbM9wRHc+n7moWXz2+

Malware Config

Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    auth_value: 12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks