General

  • Target

    b4ac718c40662abd179030f497c3a40dfefd875fcb275124ce9e2a9b4a643d80

  • Size

    539KB

  • Sample

    241111-hkb6matqex

  • MD5

    095c7c82a98489aeaef0f462964fc198

  • SHA1

    4f3d7c21582c06b41356b4c519f5e345e5f78d78

  • SHA256

    b4ac718c40662abd179030f497c3a40dfefd875fcb275124ce9e2a9b4a643d80

  • SHA512

    dc3c8c67dba79bd2510d3c806fa8bbd7c254ec7fc548c5f732870fc0de795a3fa3b751a09b924a7dbb6afa32cb413cf19468103033197ffdbf975040973b164d

  • SSDEEP

    12288:IMr0y90DLuKVKBSWHqqjVNw9UyNQCQdgAa1YW:My+rEBFqqBiNodgv2W

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15