General

  • Target

    5c21426313be185071ac55c70902218a55fc37ac27e1f1cc7ee9226e13618cb1

  • Size

    908KB

  • Sample

    241111-b7xyaazclp

  • MD5

    4763ee9e3a815a9b26f98c1dd0e8e005

  • SHA1

    40ceb88e950b633abe08fd8ec64b02a84c064f77

  • SHA256

    5c21426313be185071ac55c70902218a55fc37ac27e1f1cc7ee9226e13618cb1

  • SHA512

    1161326d2f914c20c1dd90b322de0be78cab2cdf9efeb9ab644a726f8732a060f4c5489066415b29014175f0beb833194db118543d907049f7909852ff02014c

  • SSDEEP

    24576:6y1qVC+hFANSQdodcR0njZqGg/JM0oYIlHBk:BwPnANt1Abg/PBsH

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      5c21426313be185071ac55c70902218a55fc37ac27e1f1cc7ee9226e13618cb1

    • Size

      908KB

    • MD5

      4763ee9e3a815a9b26f98c1dd0e8e005

    • SHA1

      40ceb88e950b633abe08fd8ec64b02a84c064f77

    • SHA256

      5c21426313be185071ac55c70902218a55fc37ac27e1f1cc7ee9226e13618cb1

    • SHA512

      1161326d2f914c20c1dd90b322de0be78cab2cdf9efeb9ab644a726f8732a060f4c5489066415b29014175f0beb833194db118543d907049f7909852ff02014c

    • SSDEEP

      24576:6y1qVC+hFANSQdodcR0njZqGg/JM0oYIlHBk:BwPnANt1Abg/PBsH

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks