General

  • Target

    3cd0a689da12281c3039ae8c47dedbe92d12b41cf39c9c9f4495eae43a7a22df.exe

  • Size

    545KB

  • Sample

    241111-gp4wrsthmq

  • MD5

    c1c39783eebc6a2376e23353f8a565f9

  • SHA1

    eb7292b7db5d76beab592b8d9652f39c4d4b1ba9

  • SHA256

    3cd0a689da12281c3039ae8c47dedbe92d12b41cf39c9c9f4495eae43a7a22df

  • SHA512

    19f569488456d347e11e509524ed5f7c0801176b1acf423428085f0867123ea062d81658f4727f124ba0065906040059b2dc259d92426a895fda3b2385b7d872

  • SSDEEP

    12288:KMr4y90Owf+q2MgIFMmwwmcPLRjW9IZ0DSss5O4/a:+yPtt2MmIcPLfZISrr/a

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      3cd0a689da12281c3039ae8c47dedbe92d12b41cf39c9c9f4495eae43a7a22df.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks