General

  • Target

    3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df

  • Size

    851KB

  • Sample

    241110-dv5hpsyelf

  • MD5

    78cca5f61f7a7413710da321ec578da7

  • SHA1

    9f4137c1e90e14ee1a5d7847cc8f91ede6ac9b7c

  • SHA256

    3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df

  • SHA512

    5cc3538e3e6614dba9609262647b075b7d34f4b90b747979c41010b8f3bc542b94b99030307d39caa75d1133fd6cfe3a49fc08eaacf89ef3dde0064cfa12eeed

  • SSDEEP

    12288:2Mr0y906TBE7xfjiOX/H31H/3zGNtcr29bkxjP33vDQSmWX+t+ktc+IoUAFvbTs:eydVwjiG17Qz4j/3vD96+P9BAFns

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df

    • Size

      851KB

    • MD5

      78cca5f61f7a7413710da321ec578da7

    • SHA1

      9f4137c1e90e14ee1a5d7847cc8f91ede6ac9b7c

    • SHA256

      3bafd6c44e257ee484c445659fb2c0220f2a1fe6f688852de1add84c666062df

    • SHA512

      5cc3538e3e6614dba9609262647b075b7d34f4b90b747979c41010b8f3bc542b94b99030307d39caa75d1133fd6cfe3a49fc08eaacf89ef3dde0064cfa12eeed

    • SSDEEP

      12288:2Mr0y906TBE7xfjiOX/H31H/3zGNtcr29bkxjP33vDQSmWX+t+ktc+IoUAFvbTs:eydVwjiG17Qz4j/3vD96+P9BAFns

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks