General

  • Target: b14d65e737f60c879fe1be83704c24ec5f3cbb6cdabcd145cc49853c15d1a74a
  • Size: 540KB
  • Sample: 241111-gqvpgsvcnc
  • MD5: 08c317e2b95031a28b2b5bed6be650b5
  • SHA1: 96c5c73832d8a61c46e5c9b5a3efde1a2b92e84f
  • SHA256: b14d65e737f60c879fe1be83704c24ec5f3cbb6cdabcd145cc49853c15d1a74a
  • SHA512: 3689ccecb4cdb3d6754e5f18b04e6a4749d4f45cb213f0fb667ba12e572402c37ca7323955948a500885eaf7fe209b4251b1bd8d109ffea249a32c4033d8a244
  • SSDEEP: 12288:gMrKy90O37jVW2+wWj78jXST56NtZuLIEI:ayJ7pWyQ7oXSgZOIEI

Malware Config

Extracted

  • Family: redline
  • Botnet: boris
  • C2: 193.233.20.32:4125
  • Attributes
    • auth_value: 766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target: b14d65e737f60c879fe1be83704c24ec5f3cbb6cdabcd145cc49853c15d1a74a


    • Detects Healer, an antivirus disabler dropper
    • Healer: Healer is an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks