General

  • Target

    ff11af6fff75daa46e24031d02207701983db152c99114117ba90e94c718a38a

  • Size

    551KB

  • Sample

    241111-gm3kxsvckh

  • MD5

    533d49520c6376589f5e38df3c75534a

  • SHA1

    291cefc89c67ea82f684a95bdc50eae76e50a15e

  • SHA256

    ff11af6fff75daa46e24031d02207701983db152c99114117ba90e94c718a38a

  • SHA512

    698c2b2a6b06c8ef158ae6f233ef18996d143be5c9678c82370e56493bb4c00807bbcb1e4b0b705b011a27c2b5edf9771ffc0c68102344a8cbb284c4f5640970

  • SSDEEP

    12288:SMrgy9086E0Owoke6FMZnscC0MBj3MlkLztSl:myIE0OoM2mMR53g

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks