General

  • Target

    0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff

  • Size

    686KB

  • Sample

    241110-dhvgzayamq

  • MD5

    437cecd5e5079e7bc53028a2e6880600

  • SHA1

    480e72fda4137cf6d61dfb5f494781a83ba9169d

  • SHA256

    0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff

  • SHA512

    7ef79bba87e4afcca28874d6ceb9c0530978d71b63ef0625c408892fff4a179309ff7a84104a1256d595cc461a8e789a8d1d12ea63880ce41b7fbd89c881438d

  • SSDEEP

    12288:DMrcy90g9yI0R2jqzKJr/Z/E7jYmIL4ZTFdZZ0k4k2KByA7I:Hy9SRDyrREvYlm+kMKDI

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Target

      0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff

    • Size

      686KB

    • MD5

      437cecd5e5079e7bc53028a2e6880600

    • SHA1

      480e72fda4137cf6d61dfb5f494781a83ba9169d

    • SHA256

      0ca04b85c97cf6c4af0e0faa81f03693be5714ef521d7b69b8a1124e51195eff

    • SHA512

      7ef79bba87e4afcca28874d6ceb9c0530978d71b63ef0625c408892fff4a179309ff7a84104a1256d595cc461a8e789a8d1d12ea63880ce41b7fbd89c881438d

    • SSDEEP

      12288:DMrcy90g9yI0R2jqzKJr/Z/E7jYmIL4ZTFdZZ0k4k2KByA7I:Hy9SRDyrREvYlm+kMKDI

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks