General

  • Target

    8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472.exe

  • Size

    544KB

  • Sample

    241112-x149nszala

  • MD5

    b426949bdcc6a4501da37eb031c1d3a9

  • SHA1

    9d8232bdeb696055d387c1afd124010e0530f204

  • SHA256

    8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472

  • SHA512

    64d369726579feb19ec03d8e333b88a964560db1be76fcbdc067be1297a4f44c8f19543d6cf5e2b57ebfd785ab1bd27127c8bcaa02f8d0f80bec6cec6632ff6c

  • SSDEEP

    12288:wMrky90mR1Mh6dUKfmznzkdDQMyMKr96auScKh:EymiUKMQd6xF/Ph

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Target

      8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
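The extracted config (C2 193.233.20.32:4125) and the behavioural signatures above (Defender real-time protection tampering, a Run key for persistence, execution of a dropped EXE) are the parts of this report a responder actually hunts with. The script below is an added example, not part of the Triage report, that turns those indicators into checks run over endpoint and network telemetry. The C2 address, SHA-256 and registry locations come from the report; the log lines, the host names and paths in them, and the tab-separated key=value layout are constructed for illustration and are not a real Zeek or Sysmon schema.

```python
"""Hunt endpoint and network telemetry for this report's indicators.

Added example; not part of the Triage report. The C2 address, SHA-256 and
behaviours (Defender RTP tampering, Run-key persistence, dropped EXE) come
from the report. The log lines and their tab-separated key=value layout are
constructed for illustration and are not a real Zeek or Sysmon schema.
"""
from __future__ import annotations
from dataclasses import dataclass

# Indicators copied from the report's extracted config and hashes.
C2_HOST, C2_PORT = "193.233.20.32", "4125"
SAMPLE_SHA256 = "8962fc00ae6a1ba3ab495ae5ad22f4668c14d02da81bd3c60c407f1e4d289472"

# Registry paths behind the "Modifies Windows Defender Real-time Protection
# settings" and "Adds Run key to start application" signatures. Matched as
# case-insensitive substrings so both the HKLM\SOFTWARE\Policies\... and the
# HKLM\SOFTWARE\Microsoft\... variants of the Defender key are caught.
DEFENDER_RTP = "\\Microsoft\\Windows Defender\\Real-Time Protection\\"
RUN_KEYS = ("\\Microsoft\\Windows\\CurrentVersion\\Run\\",
            "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\")


@dataclass
class Hit:
    severity: str  # "high": exact match on the report; "medium": partial match
    rule: str
    ts: str
    detail: str


def parse(line: str) -> dict[str, str]:
    """'<ts>\\tk=v\\tk=v...' -> dict. Tabs separate fields, so values may contain spaces."""
    ts, *fields = line.rstrip("\n").split("\t")
    rec = {"ts": ts}
    for f in fields:
        k, _, v = f.partition("=")
        rec[k] = v
    return rec


def check_proc(rec: dict[str, str]) -> Hit | None:
    """Process start carrying the file hash: exact match on the sample."""
    if rec.get("sha256", "").lower() == SAMPLE_SHA256:
        return Hit("high", "known_sample_hash", rec["ts"], rec.get("image", ""))
    return None


def check_reg(rec: dict[str, str]) -> Hit | None:
    """Registry value set: Defender RTP tampering outranks Run-key persistence."""
    key = rec.get("key", "").lower()
    if DEFENDER_RTP.lower() in key:
        return Hit("high", "defender_rtp_tamper", rec["ts"], rec.get("key", ""))
    if any(r.lower() in key for r in RUN_KEYS):
        return Hit("medium", "run_key_persistence", rec["ts"], rec.get("value", ""))
    return None


def check_conn(rec: dict[str, str]) -> Hit | None:
    """Network flow: IP and port from the config is high; IP alone is kept as medium
    because operators rotate ports more often than hosts."""
    if rec.get("dst") != C2_HOST:
        return None
    if rec.get("dport") == C2_PORT:
        return Hit("high", "redline_c2_ip_port", rec["ts"], f"{rec['dst']}:{rec['dport']}")
    return Hit("medium", "redline_c2_ip_only", rec["ts"], f"{rec['dst']}:{rec.get('dport')}")


CHECKS = {"proc": check_proc, "reg": check_reg, "conn": check_conn}


def hunt(log_text: str) -> list[Hit]:
    """Run every record through the check for its type; return hits in log order."""
    hits: list[Hit] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        check = CHECKS.get(rec.get("type", ""))
        hit = check(rec) if check else None
        if hit:
            hits.append(hit)
    return hits


# Constructed telemetry (not from the report): one benign flow and one benign
# registry write are mixed in so the checks have something to ignore.
SAMPLE_IMAGE = f"C:\\Users\\bob\\Downloads\\{SAMPLE_SHA256}.exe"
LOG = "\n".join("\t".join(f) for f in [
    ("2024-11-12T10:00:55Z", "type=proc", f"image={SAMPLE_IMAGE}", f"sha256={SAMPLE_SHA256}"),
    ("2024-11-12T10:00:58Z", "type=reg", f"image={SAMPLE_IMAGE}",
     "key=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring",
     "value=DWORD(0x00000001)"),
    ("2024-11-12T10:00:59Z", "type=reg", f"image={SAMPLE_IMAGE}",
     "key=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "value=C:\\Users\\bob\\AppData\\Roaming\\Updater.exe"),
    ("2024-11-12T10:01:03Z", "type=conn", "src=10.0.0.15", "sport=49812", "dst=203.0.113.10", "dport=443"),
    ("2024-11-12T10:01:09Z", "type=conn", "src=10.0.0.15", "sport=49820", "dst=193.233.20.32", "dport=4125"),
    ("2024-11-12T10:01:11Z", "type=conn", "src=10.0.0.22", "sport=51000", "dst=193.233.20.32", "dport=80"),
    ("2024-11-12T10:01:20Z", "type=reg", "image=C:\\Windows\\explorer.exe",
     "key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "value=DWORD(0x00000002)"),
])

if __name__ == "__main__":
    for h in hunt(LOG):
        print(f"{h.severity:6} {h.rule:22} {h.ts} {h.detail}")
```

The severity split is deliberate: a flow to 193.233.20.32 on a port other than 4125 is still worth a ticket, since the report fixes the host but a single sample only shows one port; the Defender policy write is rated high on its own because nothing legitimate on a workstation sets DisableRealtimeMonitoring. To use this against real data, replace `parse` with a reader for your Sysmon (Event ID 1 and 13) and Zeek conn.log exports and keep the check functions as they are.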

MITRE ATT&CK Enterprise v15

Tasks