General

  • Target

    73f03d463cfb66e29fc11580cf73e8045d95bfeb743cfc3af1a487b1e1547f39

  • Size

    686KB

  • Sample

    241111-gg227sxner

  • MD5

    feb27cf49245d248c02879fc946a4f19

  • SHA1

    dc68c072e76e4769948aa3b1862ddf4f6b9fcb7c

  • SHA256

    73f03d463cfb66e29fc11580cf73e8045d95bfeb743cfc3af1a487b1e1547f39

  • SHA512

    b8074597e6992fd440ffd4e42efd84de78f1f1f5e6de60ea8b2b19a05da2318fe5055a061b6987e2cf04275f58e268be7c68d7e83b8c783869e43b20db52c64b

  • SSDEEP

    12288:LMrQy90rGly54+Jw5Xg91sCCTXpEZB57W3mt3+7rsFFt+Z0QkAA/FYNhn:zy85BSXRCCTZEZB5C3mt3+0A+QkAyuNd

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
