General

  • Target

    4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756

  • Size

    656KB

  • Sample

    241110-dgrppaxnes

  • MD5

    357bbd5d499bbd07d5f8fe02669b3702

  • SHA1

    36fdfe5b3b1da83841552d501065e14bafb63180

  • SHA256

    4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756

  • SHA512

    76cd45d2c3c33882026b4613199a455257689cfae9d6b01f448dd6ce2611ce28ab69f9f1fec97574bf2e6d2b64e1873736f9e733a74d56dc11ada0cffdf49776

  • SSDEEP

    12288:mMr1y90amVtat8fj65tQZBwe+3LNLSIasvvNbsurIsxwIpqti:rysrSUSeUlSa9wOIsWI1

Malware Config

Extracted

Family

redline

Botnet

lint

C2

193.233.20.28:4125

Attributes

  • auth_value

    0e95262fb78243c67430f3148303e5b7

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
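The report's extracted config (C2 193.233.20.28:4125, botnet "lint") and the behavioural signatures above (Defender real-time protection modified, Run key added, dropped EXE executed) translate directly into host- and network-level hunting logic. The script below is an added example and not part of the sandbox report or of any Triage tooling: it runs simplified Sysmon-style events (constructed here, not taken from the report) through checks for the sample's SHA256, the C2 socket, Defender real-time protection registry writes and Run-key persistence. The report names the behaviours but not the exact registry values the sample wrote, so the registry paths matched below are assumptions about where those behaviours normally land.

```python
"""Hunt for the indicators and behaviours in the RedLine/Healer report.

Added example, not the sandbox's own code. Hashes and C2 come from the
report; the event layout and registry paths are assumptions.
"""
import re
from collections import namedtuple

# Indicators taken from the report's extracted config and hash list.
C2_HOST, C2_PORT = "193.233.20.28", 4125
SAMPLE_SHA256 = "4c0723a101c65e4f46bb9162298ab8306342f07456cbaff3b7bba9167eb72756"

# ASSUMPTION: the signatures "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key to start application" are matched on the usual
# locations; the report does not list the exact values the sample set.
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)

Finding = namedtuple("Finding", "rule detail")


def triage_events(events):
    """Return Findings for events matching the report's indicators.

    Each event is a dict with a Sysmon EventID under 'id' plus the fields
    that event type carries: 1 = process create, 3 = network connection,
    13 = registry value set. The shape is a simplification of Sysmon XML.
    """
    findings = []
    for ev in events:
        eid = ev.get("id")
        if eid == 1 and ev.get("sha256", "").lower() == SAMPLE_SHA256:
            findings.append(Finding("known_sample_executed", ev["image"]))
        elif eid == 3 and ev.get("dst_ip") == C2_HOST and ev.get("dst_port") == C2_PORT:
            findings.append(Finding("redline_c2", f"{ev['image']} -> {C2_HOST}:{C2_PORT}"))
        elif eid == 13:
            target = ev.get("target", "")
            if DEFENDER_RTP_RE.search(target):
                findings.append(Finding("defender_rtp_modified", f"{target} = {ev.get('details')}"))
            elif RUN_KEY_RE.search(target):
                findings.append(Finding("run_key_persistence", f"{target} = {ev.get('details')}"))
    return findings


# Constructed sample events (not from the report): a dropped EXE chain that
# disables real-time protection, persists via Run, then beacons to the C2.
DROPPER = r"C:\Users\user\Downloads\setup.exe"
PAYLOAD = r"C:\Users\user\AppData\Roaming\updater.exe"
SAMPLE_EVENTS = [
    {"id": 1, "image": DROPPER, "sha256": SAMPLE_SHA256},
    {"id": 13, "image": DROPPER,
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "image": DROPPER,
     "target": r"HKU\S-1-5-21-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updater",
     "details": PAYLOAD},
    {"id": 3, "image": PAYLOAD, "dst_ip": C2_HOST, "dst_port": C2_PORT},
    # Benign traffic that must not fire: same port, different host.
    {"id": 3, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "dst_ip": "203.0.113.10", "dst_port": 4125},
]

if __name__ == "__main__":
    for f in triage_events(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

The C2 match is deliberately on host and port together; RedLine panels reuse common ports, so alerting on 4125 alone would be noisy. The registry checks are prefix-insensitive to the hive so that both the policy path and the per-user Run keys are caught.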

MITRE ATT&CK Enterprise v15

Tasks