General

  • Target

    88d15217a11674520b6218e9275d46fea5702960aab12596d78e2d182078a019.exe

  • Size

    398KB

  • Sample

    241112-xy2e1ayhqd

  • MD5

    f0344bf452aeb76a00587b2f480d8c9d

  • SHA1

    54e97a18669993ed92742c16affd06b9ef249803

  • SHA256

    88d15217a11674520b6218e9275d46fea5702960aab12596d78e2d182078a019

  • SHA512

    b6c036055507424b4243ca28a36539c270321087846ca07bf4bafb7360d5835674882019d4c0cbd9fcd0f7bd9df768868afb4267215805eeab031bc5bfe2b811

  • SSDEEP

    6144:Kfy+bnr+Jp0yN90QE60wOjoXEKWu3KrHUs7F7s74265XYgvDhNfFDyTN/vrL:ZMrhy90twOEX3rIUW7s70zhzyL

Malware Config

Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    • auth_value

      12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      88d15217a11674520b6218e9275d46fea5702960aab12596d78e2d182078a019.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15