General

  • Target

    c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5

  • Size

    721KB

  • Sample

    241111-hn19xstrb1

  • MD5

    cb33d2aafdeaeca45715c8042989ec57

  • SHA1

    ed79954fabd7995e33ce200f272a651055bef695

  • SHA256

    c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5

  • SHA512

    70252ef4d8e3bc040d05265d033d98251adaa4ade99059cc7c89066f57294184923836a0f7023abec97a6280ee8e46b00b98c72978700c3f11c90c6ac1213bda

  • SSDEEP

    12288:jE3ieHoOpxJokeOBsPjWw+1CJBEWQuaG6vRIo3EUz3yzXF8cs9rZu:36oOfJomiZ+1tTfZP3EiizORrk

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5

    • Size

      721KB

    • MD5

      cb33d2aafdeaeca45715c8042989ec57

    • SHA1

      ed79954fabd7995e33ce200f272a651055bef695

    • SHA256

      c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5

    • SHA512

      70252ef4d8e3bc040d05265d033d98251adaa4ade99059cc7c89066f57294184923836a0f7023abec97a6280ee8e46b00b98c72978700c3f11c90c6ac1213bda

    • SSDEEP

      12288:jE3ieHoOpxJokeOBsPjWw+1CJBEWQuaG6vRIo3EUz3yzXF8cs9rZu:36oOfJomiZ+1tTfZP3EiizORrk

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application
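The indicators and behaviours listed above are enough to build a simple telemetry matcher. The following is an added example and is not part of the sandbox report or the RedLine/Healer tooling: it copies the file hashes and the C2 endpoint from the report, and pairs them with checks for the two behavioural signatures (Windows Defender real-time protection tampering and Run-key persistence). The registry locations used for those two checks are the standard ones for those settings; the report does not say which exact values this sample writes, so that list is an assumption. The event records are constructed, loosely shaped like Sysmon fields, and are not taken from the report.

```python
"""Match host and network telemetry against the indicators and behaviours in the
sandbox report above (added example, not part of the report itself)."""
import hashlib
import re

# File hashes and C2 endpoint copied from the report.
KNOWN_HASHES = {
    "md5": "cb33d2aafdeaeca45715c8042989ec57",
    "sha1": "ed79954fabd7995e33ce200f272a651055bef695",
    "sha256": "c28b71d62c7875261590da26e4271f0f682faaea6cfb83192f74cd4e0d50b3e5",
}
C2_ENDPOINT = ("193.233.20.32", 4125)

# The report lists "Modifies Windows Defender Real-time Protection settings" and
# "Adds Run key to start application". These patterns cover the standard registry
# locations for those settings; which exact values the sample writes is not stated
# in the report, so the value names below are an assumption.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection"
    r"|DisableIOAVProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's contents."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in KNOWN_HASHES}


def is_known_sample(data: bytes) -> bool:
    """True if any digest of the data equals one of the report's hashes."""
    digests = hash_bytes(data)
    return any(digests[algo] == KNOWN_HASHES[algo] for algo in KNOWN_HASHES)


def match_event(event: dict) -> list:
    """Return the indicator names a single event triggers (empty list if none)."""
    hits = []
    kind = event.get("type")
    if kind == "process_create":
        # Hash comparison is case-insensitive; EDR tools often emit upper-case hex.
        for algo, digest in event.get("hashes", {}).items():
            if KNOWN_HASHES.get(algo) == digest.lower():
                hits.append(f"known_sample_{algo}")
    elif kind == "network_connect":
        # Match the full IP:port pair, not the IP alone, to avoid flagging
        # unrelated traffic to the same host.
        if (event.get("dst_ip"), event.get("dst_port")) == C2_ENDPOINT:
            hits.append("redline_c2")
    elif kind == "registry_set":
        path = event.get("path", "")
        # A Disable* value set to 1 under Real-Time Protection turns a control off.
        if DEFENDER_RTP_RE.search(path) and str(event.get("data")) == "1":
            hits.append("defender_rtp_tamper")
        if RUN_KEY_RE.search(path):
            hits.append("run_key_persistence")
    return hits


def scan(events):
    """Return [(index, [indicators])] for every event with at least one hit."""
    results = []
    for index, event in enumerate(events):
        hits = match_event(event)
        if hits:
            results.append((index, hits))
    return results


# Constructed telemetry for demonstration; none of these records come from the report.
SAMPLE_EVENTS = [
    {"type": "process_create", "image": r"C:\Users\Public\setup.exe",
     "hashes": {"sha256": KNOWN_HASHES["sha256"].upper()}},
    {"type": "registry_set",
     "path": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "data": 1},
    {"type": "registry_set",
     "path": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svcupdate",
     "data": r"C:\Users\Public\svc.exe"},
    {"type": "network_connect", "dst_ip": "193.233.20.32", "dst_port": 4125},
    # Same host, different port: should not be reported as the C2 from this report.
    {"type": "network_connect", "dst_ip": "193.233.20.32", "dst_port": 443},
    # Benign registry write under CurrentVersion that is not a Run key.
    {"type": "registry_set",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
     "data": r"C:\Users\Public\Desktop"},
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_EVENTS):
        print(index, hits)
```

To check a file on disk, pass its bytes to `is_known_sample`; the matcher deliberately ignores the SSDEEP value from the report, since a fuzzy-hash comparison needs the ssdeep library and a similarity threshold rather than an exact match.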

MITRE ATT&CK Enterprise v15

Tasks