General

  • Target

    513f3717e6e284445e084e3f9aff6db2d4ed528d759fd4880ddb486492b3ca20N

  • Size

    545KB

  • Sample

    241110-d6y53asjak

  • MD5

    421056d62466850911f8c474dbe057b0

  • SHA1

    272abfcbaf0378a53b28c23abce6c7bc2d2ef1dc

  • SHA256

    513f3717e6e284445e084e3f9aff6db2d4ed528d759fd4880ddb486492b3ca20

  • SHA512

    4c875cc786f03942a4ebba730f4944bb51e9f0592a4b20526f6e7af888f325ed4f7152f6d3ade31e68daff1df76fa526f7e3d379565310e1284ac1d12c3a4e09

  • SSDEEP

    12288:tMrCy900/xEeQD0GVR8A613R618MXAhXPWTBZ3E0KGokHRhia:7yra3RNs3R618BWTn3WnO39

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      513f3717e6e284445e084e3f9aff6db2d4ed528d759fd4880ddb486492b3ca20N

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks