General

  • Target

    7f9c2c2287d73c7e302c574868f8772418c5956d9a65c97169eb7b9cfc6609ef

  • Size

    687KB

  • Sample

    241110-d62wysygma

  • MD5

    653836263f4cce6313704634ac9c11f4

  • SHA1

    c76aba8d170b46ecf0a4382104c175dfd3b65e20

  • SHA256

    7f9c2c2287d73c7e302c574868f8772418c5956d9a65c97169eb7b9cfc6609ef

  • SHA512

    95f48aee87d62d85c6c93ee00ec74b55d8dc370d301aa20670b83f6c1818f546bf9e57d45ceb5fdb0fbcf761cac1012a99e079ffc0e3ee5de015f9456cef8e01

  • SSDEEP

    12288:YMrOy90Ee4sKvlmFH/5SvDOkAtbMieBavwUyg9jtDpCs5LTVsgifKHL:Gyne4sKvAFfeOkAh21UnjVplv22L

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      7f9c2c2287d73c7e302c574868f8772418c5956d9a65c97169eb7b9cfc6609ef (hashes as listed under General above)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks