General

  • Target

    a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17

  • Size

    819KB

  • Sample

    241110-dmf55sxpd1

  • MD5

    6dcd72fe9f95f36e7eaa8d7177b2833b

  • SHA1

    00e76fc4cfd7c631b2f378b7af8160a9b4c30c80

  • SHA256

    a215fb822dc7caa11b8f9cc6e7836eb8fa02bd93e51e4e8073357218386a2b17

  • SHA512

    897152d511ea99f41e31847110b57e252302e2e00bfe0c26f1434865c4fac70442d9edf879bfeb93dd2bc96027de8d504df7e3ead8fcf33722c02272ef4c21a8

  • SSDEEP

    24576:mhyPHbtCVWFtgReZ8LM+zSf4Z0A4IXnRpD:BPbQIUFLMRM0A4IX

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks