General

  • Target

    7e3024bb4f58e854289bcfe6c3ceef3f76351b448fc113c59e16541511176a8a

  • Size

    655KB

  • Sample

    241111-hm5kystray

  • MD5

    2ed427569d36389c2d3cc3e83de750b1

  • SHA1

    5d43d6c4fb0282b55455ad672910b1aa19da7027

  • SHA256

    7e3024bb4f58e854289bcfe6c3ceef3f76351b448fc113c59e16541511176a8a

  • SHA512

    58c163d86fee8ab096ba8b09239186af5cf1226c43e5a4474380f3295a203d96eef3c921edefdb7a1be30805108d6e1453cadb6543f834b654f27aaa127397e5

  • SSDEEP

    12288:jMrpy90EhhVn7DF1gQcNiFbPSRaO+SxhVIpa2zGzz1divYxLGY+7:yyB7VfPgQLSVIprGdMvcC

Malware Config

Extracted

Family

redline

Botnet

lint

C2

193.233.20.28:4125

Attributes
  • auth_value

    0e95262fb78243c67430f3148303e5b7

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
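The extracted config (C2 193.233.20.28:4125, botnet "lint") and the behaviour signatures above (dropped EXE execution, Run-key persistence, Defender real-time protection tampering) are the parts of this report a responder would turn into detections. The following is an added example, not part of the original report: it matches constructed Sysmon-style JSON telemetry (field names such as `event`, `dst_ip`, `key`, `value` are assumptions, not a real Sysmon schema) against the report's hashes and C2, and flags the two registry behaviours. The Defender policy path used is the standard `Real-Time Protection\DisableRealtimeMonitoring` value; the report does not state which mechanism this sample uses, so that regex is an assumption.

```python
"""Turn the sandbox report above into host/network IOC checks.

Added example (not part of the original report). The event format is a
constructed, simplified Sysmon-style JSON log; its field names are assumptions.
"""
import json
import re

# IOCs copied from the report above.
SHA256 = "7e3024bb4f58e854289bcfe6c3ceef3f76351b448fc113c59e16541511176a8a"
MD5 = "2ed427569d36389c2d3cc3e83de750b1"
C2_IP, C2_PORT = "193.233.20.28", 4125

# Behaviours listed under Targets: Run-key persistence and Defender tampering.
# Both Run and RunOnce under any hive (HKU\<SID>\..., HKCU\..., HKLM\...).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumed mechanism: writing a Disable* value under the Defender RTP policy key.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\Disable\w+", re.I)


def check_event(ev):
    """Return the IOC/behaviour labels one event matches (empty list if clean)."""
    hits = []
    kind = ev.get("event")
    if kind == "process_create":
        # Hash values may be logged upper- or lower-case; normalise before comparing.
        hashes = {h.lower() for h in ev.get("hashes", {}).values()}
        if SHA256 in hashes or MD5 in hashes:
            hits.append("redline-sample-hash")
    elif kind == "network_connect":
        # Match on the ip:port pair from the extracted config, not the IP alone.
        if ev.get("dst_ip") == C2_IP and int(ev.get("dst_port", 0)) == C2_PORT:
            hits.append("redline-c2-lint")
    elif kind == "registry_set":
        key = ev.get("key", "")
        if RUN_KEY_RE.search(key):
            hits.append("run-key-persistence")
        if DEFENDER_RTP_RE.search(key) and str(ev.get("value")) == "1":
            hits.append("defender-rtp-disabled")
    return hits


def scan(lines):
    """Yield (event, hits) for every JSON line that matches at least one check."""
    for line in lines:
        ev = json.loads(line)
        hits = check_event(ev)
        if hits:
            yield ev, hits


# Constructed telemetry: the sample executing, its C2 beacon, its persistence
# and Defender tampering, plus one benign connection that must not match.
SAMPLE_LOG = [
    json.dumps({"event": "process_create",
                "image": "C:\\Users\\u\\AppData\\Local\\Temp\\a.exe",
                "hashes": {"MD5": MD5.upper(), "SHA256": SHA256}}),
    json.dumps({"event": "network_connect", "dst_ip": C2_IP, "dst_port": 4125}),
    json.dumps({"event": "network_connect", "dst_ip": "8.8.8.8", "dst_port": 443}),
    json.dumps({"event": "registry_set",
                "key": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\a",
                "value": "C:\\Users\\u\\AppData\\Local\\Temp\\a.exe"}),
    json.dumps({"event": "registry_set",
                "key": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
                       "\\Real-Time Protection\\DisableRealtimeMonitoring",
                "value": "1"}),
]

if __name__ == "__main__":
    for ev, hits in scan(SAMPLE_LOG):
        print(ev["event"], hits)
```

The SSDEEP value from the report is deliberately not used here: fuzzy matching needs the ssdeep library and a comparison threshold, and a near-match is a triage lead rather than a detection. The exact hashes and the C2 ip:port pair are the high-confidence indicators; the two registry checks are behavioural and will also fire on other droppers, so treat them as enrichment for the hash or C2 hit rather than as standalone alerts.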
