General

  • Target

    95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5

  • Size

    550KB

  • Sample

    241110-ek5ldsyhlm

  • MD5

    b7985d9ab37d3a6b1eceb59d90a23c74

  • SHA1

    c65e5d71875b68a4cfea04d6246118bbf594117c

  • SHA256

    95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5

  • SHA512

    188895390fa9f0003f98ca757dae8739665e787739ffadbef8cb9bdbe6c29aee0e35f02016f7249a28f39e12690a4c76e9b21707367dc5337d2d4c6f612428c2

  • SSDEEP

    12288:lMrMy90nO2ut2Km5QS+4lL8esUHZu7zXeEmRc+ySCMNnnvkfOguA:hy12ulYw4lges4u7zXxmRcFSCMNnvkfZ

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      95b721d693a6131e43b2e49a5542439638de8c33223976725ef8dbeda44372b5

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15