General

  • Target

    0fe731e88f42f43df8e30784c8bed0d0f9a7244d23df9f0a0357eb2d5b5c4533

  • Size

    686KB

  • Sample

    241110-dwh14a1php

  • MD5

    13fed9dae6d618c7141669c7b1c0c1fd

  • SHA1

    b085d5b8ce7f9fff9eba552bc3ba83b32d46d1bd

  • SHA256

    0fe731e88f42f43df8e30784c8bed0d0f9a7244d23df9f0a0357eb2d5b5c4533

  • SHA512

    eadf2547ea2294932f57bb850485f4e829e8e9fb2d23010bcff3356487660a424b6b7c47d9a230dea895027919783fc78ac2f1025b9811406603be9315a06bca

  • SSDEEP

    12288:rMrey90kgIhqTOpPIkRo/Xx55pDC7ehHh3d43sn4bbW8avpE:Fy5gK4OZI8WXx55pDDlFdvn4HWNhE

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4
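
The extracted config gives two things an analyst can hunt on immediately: the file digests and the C2 endpoint. The script below is an added example (not part of the sandbox output) that checks a file against every reported digest at once and scans proxy/netflow-style log lines for connections to 193.233.20.33, reporting whether the port matches the extracted 4125 or is a different port on the same host (RedLine operators do move ports, so a host-only hit is still worth a look). The log format and log lines are constructed for the example; adapt the regex to your own log source.

```python
"""IOC checks for the RedLine sample in this report (added example, not sandbox output)."""
import hashlib
import re

# Digests and C2 exactly as reported above
REPORTED = {
    "md5": "13fed9dae6d618c7141669c7b1c0c1fd",
    "sha1": "b085d5b8ce7f9fff9eba552bc3ba83b32d46d1bd",
    "sha256": "0fe731e88f42f43df8e30784c8bed0d0f9a7244d23df9f0a0357eb2d5b5c4533",
    "sha512": "eadf2547ea2294932f57bb850485f4e829e8e9fb2d23010bcff3356487660a424b6b7c47d9a230dea895027919783fc78ac2f1025b9811406603be9315a06bca",
}
C2_HOST, C2_PORT = "193.233.20.33", 4125


def hash_bytes(data: bytes) -> dict:
    """Return all reported digest algorithms for one in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def hash_file(path: str) -> dict:
    """Same as hash_bytes but streams a file from disk."""
    hashes = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def matches_sample(data: bytes) -> bool:
    """True only if every reported digest matches; one algorithm alone is not enough."""
    digests = hash_bytes(data)
    return all(digests[name] == value for name, value in REPORTED.items())


# Constructed log format (assumed for the example): "<timestamp> <src_ip> <dst_ip>:<dst_port> <action>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+(?P<action>\S+)"
)


def find_c2_contacts(lines):
    """Return every line whose destination is the C2 host; 'exact' marks the reported port."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue  # unparseable lines and other destinations are skipped, not errors
        port = int(m["port"])
        hits.append({"ts": m["ts"], "src": m["src"], "port": port,
                     "action": m["action"], "exact": port == C2_PORT})
    return hits


# Constructed sample log lines (not real traffic); the date mirrors the sample ID above
SAMPLE_LOG = """\
2024-11-10T14:02:11Z 10.0.0.15 142.250.74.46:443 allow
2024-11-10T14:02:13Z 10.0.0.15 193.233.20.33:4125 allow
2024-11-10T14:02:19Z 10.0.0.22 193.233.20.33:80 deny
this line does not parse and is ignored
""".splitlines()


if __name__ == "__main__":
    for hit in find_c2_contacts(SAMPLE_LOG):
        tag = "C2 (reported port)" if hit["exact"] else "C2 host, other port"
        print(f"{hit['ts']} {hit['src']} -> {C2_HOST}:{hit['port']} {hit['action']}  [{tag}]")
    print("empty blob matches sample:", matches_sample(b""))
```

Run it against a real file with `hash_file(path)` and compare to `REPORTED`; the ssdeep value in the report is a fuzzy hash and needs the ssdeep library rather than hashlib, so it is deliberately left out of the exact-match set.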

Targets

    • Target

      0fe731e88f42f43df8e30784c8bed0d0f9a7244d23df9f0a0357eb2d5b5c4533

    • Size

      686KB

    • MD5

      13fed9dae6d618c7141669c7b1c0c1fd

    • SHA1

      b085d5b8ce7f9fff9eba552bc3ba83b32d46d1bd

    • SHA256

      0fe731e88f42f43df8e30784c8bed0d0f9a7244d23df9f0a0357eb2d5b5c4533

    • SHA512

      eadf2547ea2294932f57bb850485f4e829e8e9fb2d23010bcff3356487660a424b6b7c47d9a230dea895027919783fc78ac2f1025b9811406603be9315a06bca

    • SSDEEP

      12288:rMrey90kgIhqTOpPIkRo/Xx55pDC7ehHh3d43sn4bbW8avpE:Fy5gK4OZI8WXx55pDDlFdvn4HWNhE

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
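
Two of the behaviours listed above leave registry artefacts that survive a reboot: the Run key added for persistence and the Windows Defender Real-time Protection settings changed by the Healer component. The following added example (not part of the sandbox output) parses a registry export in `.reg` text form and flags both: any value under a Run/RunOnce key, and any of the usual Real-Time Protection disable values set to 1. The `.reg` content is constructed for the example; the value names under Real-Time Protection are the standard Defender policy names, but which ones this sample sets is not stated in the report, so they are listed here as the ones worth checking rather than as observed behaviour.

```python
"""Flag Run-key persistence and Defender RTP overrides in a .reg export (added example)."""
import re

# Key suffixes (case-insensitive) that mean "start this at logon"
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Defender policy key and the value names that switch real-time components off when dword:1
DEFENDER_RTP_SUFFIX = r"\microsoft\windows defender\real-time protection"
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')


def parse_reg(text: str):
    """Yield (key, value_name, raw_data) for every value line in a .reg export."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            yield key, m["name"], m["data"]


def find_artifacts(text: str) -> list:
    """Return (kind, key, value_name, data) tuples for Run entries and RTP disables."""
    findings = []
    for key, name, data in parse_reg(text):
        lower = key.lower()
        if lower.endswith(RUN_KEY_SUFFIXES):
            findings.append(("run_key", key, name, data))
        elif (lower.endswith(DEFENDER_RTP_SUFFIX)
              and name in DEFENDER_DISABLE_VALUES
              and data.lower() == "dword:00000001"):
            findings.append(("defender_rtp_disabled", key, name, data))
    return findings


# Constructed .reg export (assumed content, not taken from the sample)
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\user\\AppData\\Roaming\\svc\\updater.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000000
"""


if __name__ == "__main__":
    for kind, key, name, data in find_artifacts(SAMPLE_REG):
        print(f"{kind:22} {key}\\{name} = {data}")
```

Every Run entry is reported, legitimate ones included, because a Run value is only suspicious in context (path under a user profile, unsigned binary, recently written); the analyst triages the list rather than relying on a name allowlist that the malware can mimic. Values of `dword:00000000` under Real-Time Protection are ignored since they re-enable rather than disable protection.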

MITRE ATT&CK Enterprise v15

Tasks