General

  • Target

    8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2

  • Size

    660KB

  • Sample

    241110-djtbas1mgk

  • MD5

    c571540e5ae9782fe044ef51f510592d

  • SHA1

    a361f58838452e294f5d05311e57998897d6d2b7

  • SHA256

    8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2

  • SHA512

    a3d4db1294283c657f025a3c0d9b20cbd7d9b9d482c00487e417e71edc0553db873bee25ecd27fc361adb5d5c0b80e2e87a4eb01ff989f7ca9e48b71253998a9

  • SSDEEP

    12288:nMrny90H2dLlsD3KxqqKkgCb9XOX8VtHABcWjRIavJ:0yU2dRsDaxRb9XOMVFWWaR

Malware Config

Extracted

Family

redline

Botnet

dubik

C2

193.233.20.17:4139

Attributes

  • auth_value

    05136deb26ad700ca57d43b1de454f46

Targets

    • Target

      8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2

    • Size

      660KB

    • MD5

      c571540e5ae9782fe044ef51f510592d

    • SHA1

      a361f58838452e294f5d05311e57998897d6d2b7

    • SHA256

      8549dafbc6a5063aa74244adc37e89457c57f16d44434bf696ce4bf2edb449d2

    • SHA512

      a3d4db1294283c657f025a3c0d9b20cbd7d9b9d482c00487e417e71edc0553db873bee25ecd27fc361adb5d5c0b80e2e87a4eb01ff989f7ca9e48b71253998a9

    • SSDEEP

      12288:nMrny90H2dLlsD3KxqqKkgCb9XOX8VtHABcWjRIavJ:0yU2dRsDaxRb9XOMVFWWaR

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks