General

  • Target

    7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64

  • Size

    703KB

  • Sample

    241110-dvpr9a1pgm

  • MD5

    f12f951e2ce6afcd8bbe0a2a3595ba65

  • SHA1

    9d62b510551c89292407da63f02b0664c1539698

  • SHA256

    7ed648045bf6c235955b4dd497682b94947057027220d6e4ad024775e3f6cd64

  • SHA512

    78b0ccdd8af9012e0fc4fd212788a63096c2b270601b2bc1d04ef57b370888ab6922bb60e69842b535b5eeea3d692ac797a04c6973500020b9178a15a6841cde

  • SSDEEP

    12288:QMrXy90OoFh7W/gyz5TRNWYPQJUMbSsVnvwr493A3fdyzC3pS1:Xy+hygyzQ2QltwrI3AAGc

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dubik

  • C2

    193.233.20.17:4139

  • Attributes

    auth_value: 05136deb26ad700ca57d43b1de454f46

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks