General

  • Target

    05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090

  • Size

    546KB

  • Sample

    241112-xzmm8szakq

  • MD5

    7d4376d62dfefa89a2a1946ae82ada56

  • SHA1

    ab80a3ea1b39cb95617322e73daaff7148ff1e00

  • SHA256

    05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090

  • SHA512

    357956ab6ffb55b4d1dae2fc1e29cc272b5a9cd75373476e86d6abee65eb7e0f0c923778a18a1a689bd42ea84035d978e372b516f093e9617944a4541f2097f1

  • SSDEEP

    12288:uMr8y90mZyb71Wcg7dsthwLzef0ZoBH05j:uyjZEWcE64O0ZoBHKj

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090

    • Size

      546KB

    • MD5

      7d4376d62dfefa89a2a1946ae82ada56

    • SHA1

      ab80a3ea1b39cb95617322e73daaff7148ff1e00

    • SHA256

      05a4fc9712e93d0f08080393906288a69f93f906fa0106c78106bd101d675090

    • SHA512

      357956ab6ffb55b4d1dae2fc1e29cc272b5a9cd75373476e86d6abee65eb7e0f0c923778a18a1a689bd42ea84035d978e372b516f093e9617944a4541f2097f1

    • SSDEEP

      12288:uMr8y90mZyb71Wcg7dsthwLzef0ZoBH05j:uyjZEWcE64O0ZoBHKj

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks