General

  • Target

    3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25

  • Size

    764KB

  • Sample

    241110-dg33qaxnew

  • MD5

    4cb4619ac9996a3e93ca272a817e94a0

  • SHA1

    43fc388b268aa2995ec648f07773cb94be48a9e4

  • SHA256

    3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25

  • SHA512

    2007c4d9582a17f83977dd85911e3e5725f0205876dc6e0652244b369ec07a89790dbe9c934354fa65203cbd9d9e4ca71cd85063067d12cbf01507fd04bda7c8

  • SSDEEP

    12288:qMrQy90CT2HOpsw+9vkbAdVvSbD2Kl5BriefX5nNfQJbVROCjWvWP2ddu9W5Zued:Kyxqupswek+SbyK5EefJNfQZ/DYWP2dR

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dubna

  • C2

    193.233.20.11:4131

  • Attributes

    auth_value: f324b1269094b7462e56bab025f032f4

Targets

    • Target

      3463c603b4a76e587d4f94b87a6a5e245da1e0a34a4061a06a9246311e8dce25


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks