General

  • Target

    c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e

  • Size

    541KB

  • Sample

    241110-dzkzvsydmp

  • MD5

    5deff8c89e2ae71c8a81cc114189135a

  • SHA1

    7e2bd858aac226322fd6525bde9e5c8aee643af4

  • SHA256

    c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e

  • SHA512

    43b6c928443199ef62ecccf75120cd3bcbc97b9db7cb6a5c397089747818f7012a753a9c8a1afd9e633a481ca8a4768c5e9f2635f77a9dfafa13cabc9d03fe9d

  • SSDEEP

    12288:zMr+y90F1QTBAjaEm3wr49bQocFpkvvjvSeda8Mb+E+bXCfHGsyuoz:lyAQT+lJr4GdzEbvSUY+5LCfHvyuy

Malware Config

Extracted

  • Family

    redline

  • Botnet

    boris

  • C2

    193.233.20.32:4125

  • Attributes

    auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      c88a170fd11f8dfcab8de8da3f4e77d1fa228d022f06e3f14cd5a12e7654c24e

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks