General

  • Target

    d1ccc5a8b51dbf6c1e7fe695fd2f836c8b15e15dd28ca3ac1f329e814b141856

  • Size

    779KB

  • Sample

    241111-gtwe7axqbl

  • MD5

    9bc6f96eda495f87ed89128c2e6ab3a4

  • SHA1

    dff056e5f49d5af1e191877bd57dfae55455374c

  • SHA256

    d1ccc5a8b51dbf6c1e7fe695fd2f836c8b15e15dd28ca3ac1f329e814b141856

  • SHA512

    150472984baf7a23944322b72ab4642844309e54b18ceca422f8f37d94d676f36ec214f3167d9c6e6ffd3e3ce0c5ca02e2494bd34f88627df57fd5422bce0190

  • SSDEEP

    12288:rMrLy90lK0j+wUdLbwSOf65MJx3Bt9uikwRENdK3Eq04vhZKbNkYqwPRoNtBA5G:0yqJFUwS3+xXORq0kfGeYqmRCBA5G

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper: it turns off Windows Defender protections before launching its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application (persistence via HKCU\Software\Microsoft\Windows\CurrentVersion\Run)
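The indicators in the Malware Config section (C2 193.233.20.30:4125, the file hashes) and the two behaviours the signature list names (Defender real-time protection tampering, Run-key persistence) are what a responder would turn into a triage check. The script below is an added example and is not part of the sandbox report or of any tool it references. It hashes file contents against the report's digests, scans a Zeek-style conn log for sessions to the C2, and classifies registry-set events into the two behaviours. The log and event formats, the file names, and the sample data are constructed assumptions; adapt the two parsers to your own telemetry.

```python
"""IOC and behaviour matching for the RedLine/Healer sample in this report.

Added example, not taken from the report. Log formats below are assumptions:
a Zeek-style conn log (tab-separated ts, uid, orig_h, orig_p, resp_h, resp_p,
proto) and a pipe-separated registry event line (event|target|value|process).
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report's General and Malware Config sections.
SAMPLE_HASHES = {
    "md5": "9bc6f96eda495f87ed89128c2e6ab3a4",
    "sha1": "dff056e5f49d5af1e191877bd57dfae55455374c",
    "sha256": "d1ccc5a8b51dbf6c1e7fe695fd2f836c8b15e15dd28ca3ac1f329e814b141856",
}
C2_HOST, C2_PORT = "193.233.20.30", 4125

# Registry locations behind the "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key to start application" signatures.
DEFENDER_RTP_KEY = r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed sample data (not captured from the sandbox run).
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1731312001.12\tCabc1\t10.0.0.15\t49712\t193.233.20.30\t4125\ttcp
1731312002.40\tCabc2\t10.0.0.15\t49713\t198.51.100.7\t443\ttcp
1731312005.77\tCabc3\t10.0.0.22\t51001\t193.233.20.30\t4125\ttcp
"""
SAMPLE_REGISTRY_EVENTS = """\
RegistryValueSet|HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring|1|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe
RegistryValueSet|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater|C:\\Users\\user\\AppData\\Roaming\\updater.exe|C:\\Users\\user\\AppData\\Local\\Temp\\sample.exe
RegistryValueSet|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|1|C:\\Windows\\explorer.exe
"""


@dataclass
class Finding:
    tag: str       # "defender_rtp_tamper" or "run_key_persistence"
    process: str   # process that wrote the value
    detail: str    # registry value touched


def hash_file_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's contents."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest agrees with the report, so one weak hash is never enough."""
    digests = hash_file_bytes(data)
    return all(digests[name] == value for name, value in SAMPLE_HASHES.items())


def find_c2_connections(conn_log: str) -> list:
    """Return (ts, orig_h) for every session whose responder is the report's C2 host:port."""
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h == C2_HOST and int(resp_p) == C2_PORT:
            hits.append((ts, orig_h))
    return hits


def classify_registry_events(events: str) -> list:
    """Map registry value writes to the two behaviours the report's signatures describe."""
    findings = []
    for line in events.splitlines():
        if not line.strip():
            continue
        event, target, value, process = line.split("|", 3)
        if event != "RegistryValueSet":
            continue
        key, _, name = target.rpartition("\\")
        # Any Disable* value set to 1 under the Defender real-time protection policy key.
        if key.lower().endswith(DEFENDER_RTP_KEY.lower()) and name.lower().startswith("disable") and value == "1":
            findings.append(Finding("defender_rtp_tamper", process, name))
        elif RUN_KEY_RE.search(target):
            findings.append(Finding("run_key_persistence", process, f"{name} -> {value}"))
    return findings


if __name__ == "__main__":
    for ts, host in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"C2 session at {ts} from {host} to {C2_HOST}:{C2_PORT}")
    for f in classify_registry_events(SAMPLE_REGISTRY_EVENTS):
        print(f"{f.tag}: {f.process} wrote {f.detail}")
```

Matching on every digest rather than MD5 alone avoids treating an MD5 collision as a hit, and the Defender check keys on any `Disable*` value under the policy key rather than one name, since the family toggles several of them.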

MITRE ATT&CK Enterprise v15

Tasks