General

  • Target

    e3772ea93449e909293a93046e074363010dae006b1ece0c31977ed6dc51edba

  • Size

    689KB

  • Sample

    241111-gtpbwavajk

  • MD5

    acdd9fc7f28b071ee4356940a1595d42

  • SHA1

    eaa529dea63d419c5adb54645301671fa37dcdd6

  • SHA256

    e3772ea93449e909293a93046e074363010dae006b1ece0c31977ed6dc51edba

  • SHA512

    5fdfe7a950363c3a0040c0a75d9b86cd33229bda952dc2c00dd2f863da0d7636d22a2cf1c28e55a10d98a4603e8822b2288f88055d93b1cb3febd897a61d9b99

  • SSDEEP

    12288:ZMrgy901ZeDVblOxfCMzvyXjIiVVmywfRm5h43xzpYMsKbixp+lf+IdreVaOxx:1ykMZlOd9LynmJpmz4hzaMdexENrX2x

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks