General

  • Target

    bf393436fb5c1d780be0c03ce0adda63efee1d0b61cb78c3210203d8478353f6

  • Size

    1.1MB

  • Sample

    241110-yrl76sthqg

  • MD5

    710a0e0fed59f7bc2bf9f0de7126b1df

  • SHA1

    9374b15840d99614268f92322fc7f82315530747

  • SHA256

    bf393436fb5c1d780be0c03ce0adda63efee1d0b61cb78c3210203d8478353f6

  • SHA512

    31ea019ab9c7a225a952f88beb2fdbc634996f6705558472cc1a68662ec7e82db570ce0b3521b56a53887f32ed2610e9d40077ea7d9588ebe83660aa4eb002e1

  • SSDEEP

    24576:nE2pPh6v8O74D3kgO6TDE1HWe88CIgLM7jRs0zJD94ht92OKs:EaPkwznTQ1H98ogsKa94jGs

Malware Config

Extracted

Family

redline

Botnet

rodik

C2

193.233.20.23:4124

Attributes
  • auth_value

    59b6e22e7cfd9b5fa0c99d1942f7c85d

Targets

    • Target

      ad4a3dec1d4b2bbf197a23d9ccdc33fc911b71729362d5a437005e6b318ecf4a.exe

    • Size

      1.1MB

    • MD5

      73a7695064f956af574b49802de54b2f

    • SHA1

      79521dbeea68fcc84a81a95e14d58e7446574be7

    • SHA256

      ad4a3dec1d4b2bbf197a23d9ccdc33fc911b71729362d5a437005e6b318ecf4a

    • SHA512

      7278d24f1a66c4fa40f325738e105c0f50a7a31a71bd44f89553c916f97a0057229b5c573c03351540f35db1befb58c18c979d4a24b9f827bcfcea25dc33fab8

    • SSDEEP

      24576:cy2KjwWQeHidEEBwHxHP3zjnrenjEL7Ea19kgnee2mpWKIQjyYv:L2GwW/Ci8whPjjwEvECW5fmpJIQ

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks