General

  • Target

    3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb

  • Size

    779KB

  • Sample

    241110-d98tnsyhjd

  • MD5

    69d6353ae39d783a726052381460964f

  • SHA1

    8efa333d3fa245e11fe8ddf71b4b1c174c2594bd

  • SHA256

    3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb

  • SHA512

    7c5533c7510a4b73ac9a18d1a26d97e85f24ab6a5fa178e40b1e59b4d52fe02539806acce2f3840a79a86497738fe7427dd98ee395247733c831b0b496553e0d

  • SSDEEP

    12288:OMrpy9091gtm5+HuWpodpNY9FeRZ+KPig399SDZD9s8t/IvLtkt4pcHWUmGDnwiw:nyG+OmopY9c6OiK/SxXIvLtm476zwP7

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
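The extracted C2 and the behaviour signatures above are enough to build host-based detection logic around this sample. The script below is an added example, not part of the sandbox report or its signature code: it matches Sysmon-style event records against the report's C2 (193.233.20.30:4125), the sample's SHA256, and the Defender real-time protection, Run-key persistence and dropped-EXE behaviours. The event field names, the Defender and Run-key registry paths, and the SAMPLE_EVENTS stream are assumptions and constructed test data; the report names the behaviours but not the exact keys or file paths the sample touched.

```python
"""Added example (not from the sandbox report): match Sysmon-style event
records against the behaviours and extracted RedLine C2 the report lists.

Assumptions, not taken from the report: Sysmon field names and IDs
(1 process create, 3 network connection, 11 file create, 13 registry
value set); standard Defender and Run-key registry paths; SAMPLE_EVENTS
is constructed test data.
"""
import re
from typing import Dict, List, Tuple

# IOCs copied from the report's extracted config and hash list
REDLINE_C2 = ("193.233.20.30", 4125)
SAMPLE_SHA256 = "3e48a9c39f7a74e87f13b94dc6ddde5ad534f9d2988683b0e026149edd8895cb"

# Standard Defender real-time protection policy/config subkey (assumed path)
DEFENDER_RTP_KEY = "\\windows defender\\real-time protection\\"
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring", "disablebehaviormonitoring",
    "disableonaccessprotection", "disablescanonrealtimeenable",
    "disableioavprotection",
}
# ...\CurrentVersion\Run and RunOnce autostart keys under HKLM/HKCU (assumed)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

SIG_DEFENDER = "Modifies Windows Defender Real-time Protection settings"
SIG_RUNKEY = "Adds Run key to start application"
SIG_DROPPED = "Executes dropped EXE"
SIG_C2 = "RedLine C2 %s:%d" % REDLINE_C2
SIG_SAMPLE = "Executes sample " + SAMPLE_SHA256[:12]


def classify(event: Dict) -> List[str]:
    """Stateless checks: return the signature names one event triggers."""
    hits = []
    eid = event.get("EventID")
    if eid == 13:  # registry value set
        target = str(event.get("TargetObject", ""))
        value_name = target.rsplit("\\", 1)[-1].lower()
        details = str(event.get("Details", ""))  # e.g. "DWORD (0x00000001)"
        if (DEFENDER_RTP_KEY in target.lower()
                and value_name in DEFENDER_RTP_VALUES
                and "0x00000001" in details):
            hits.append(SIG_DEFENDER)
        if RUN_KEY_RE.search(target):
            hits.append(SIG_RUNKEY)
    elif eid == 3:  # network connection
        dest = (str(event.get("DestinationIp", "")),
                int(event.get("DestinationPort", 0)))
        if dest == REDLINE_C2:
            hits.append(SIG_C2)
    elif eid == 1:  # process create; Hashes looks like "SHA256=3E48..."
        if SAMPLE_SHA256 in str(event.get("Hashes", "")).lower():
            hits.append(SIG_SAMPLE)
    return hits


def scan(events: List[Dict]) -> List[Tuple[int, str]]:
    """Stateful pass: remember files written (EventID 11) so that a later
    process create of that path is flagged as 'Executes dropped EXE'."""
    dropped = set()
    findings = []
    for ev in events:
        hits = classify(ev)
        eid = ev.get("EventID")
        if eid == 11:
            dropped.add(str(ev.get("TargetFilename", "")).lower())
        elif eid == 1 and str(ev.get("Image", "")).lower() in dropped:
            hits.append(SIG_DROPPED)
        findings.extend((eid, h) for h in hits)
    return findings


# Constructed event stream mimicking the report's behaviour chain; paths,
# file names and the second hash are invented, the C2 and sample hash are not.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Downloads\setup.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256.upper()},
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\dropped.exe"},
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\u\Downloads\setup.exe", "Hashes": "SHA256=0000"},
    {"EventID": 13, "Details": "DWORD (0x00000001)", "TargetObject":
     r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Details": r"C:\Users\u\AppData\Roaming\updater.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 3, "DestinationIp": "193.233.20.30", "DestinationPort": "4125"},
    {"EventID": 3, "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
    {"EventID": 13, "Details": "DWORD (0x00000000)", "TargetObject":  # re-enabling, not flagged
     r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring"},
]

if __name__ == "__main__":
    for eid, sig in scan(SAMPLE_EVENTS):
        print("EventID %s: %s" % (eid, sig))
```

The Defender check only fires when a real-time protection value is set to 1; a value reset to 0 (the last constructed event) is deliberately ignored so that legitimate re-enabling does not alert. The "Executes dropped EXE" logic needs the file-create event to precede the process create in the stream, which is how Sysmon emits them; on a SIEM with out-of-order delivery, sort by timestamp before calling scan.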

MITRE ATT&CK Enterprise v15

Tasks