General

  • Target

    b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc

  • Size

    553KB

  • Sample

    241110-d7jrrssjbn

  • MD5

    2f63c5cab83d61ff8a9909a6af272702

  • SHA1

    a802e6ec10d3d744578d9a3f85c5ff8bbf1329eb

  • SHA256

    b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc

  • SHA512

    1df254f28a09e5a967ed8d9d6cf645e71a1c3c0597310b714565531638dc915f72924828db9cf7cc17fcd0fe8cae59eb0df361794da9c14859de57c4ae2093cc

  • SSDEEP

    12288:0Mr6y901PdWg6wCIckEEzyemZ0KyFfJsoF8Lw8wGtum:OywVok35VF8Lntum

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc

    • Size

      553KB

    • MD5

      2f63c5cab83d61ff8a9909a6af272702

    • SHA1

      a802e6ec10d3d744578d9a3f85c5ff8bbf1329eb

    • SHA256

      b1dc61c0848d576f2a7e7bc00f1f52159af3c4edd3f69d482e50469574b10afc

    • SHA512

      1df254f28a09e5a967ed8d9d6cf645e71a1c3c0597310b714565531638dc915f72924828db9cf7cc17fcd0fe8cae59eb0df361794da9c14859de57c4ae2093cc

    • SSDEEP

      12288:0Mr6y901PdWg6wCIckEEzyemZ0KyFfJsoF8Lw8wGtum:OywVok35VF8Lntum

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks