General

  • Target

    9f933b719c6499cd19870dee8bc51ba0cf14beebbc7d6a849fe981c4feaf2b18.exe

  • Size

    908KB

  • Sample

    241112-yv9smszgja

  • MD5

    d06d15599983565492bb80e540a9eaf7

  • SHA1

    d4f13566076a9250f5dc20065c7c3207d945a971

  • SHA256

    9f933b719c6499cd19870dee8bc51ba0cf14beebbc7d6a849fe981c4feaf2b18

  • SHA512

    4d1b757d9063670812ff1a36c9e7833007f9e4cf262fb8bc0ab80c068e5004087823cb1c8d285a01bf94f3924953a32aa93118dc9f0b191a8271d149607fa794

  • SSDEEP

    24576:vyDM+TLPmxxtYEWbCSyq4mT61DkZDA6JAm:6DxLPGeEWtypoH

Malware Config

Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    auth_value: 12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper: it turns off Windows Defender protections and then runs the payload it carries (RedLine in this sample).

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
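
A hunting helper built from the indicators on this page, added here as an example rather than part of the sandbox report. It recomputes a file's hashes against the ones listed above, flags firewall/flow lines whose destination is the extracted C2 193.233.20.31:4125, and classifies Sysmon-style registry value-set lines into the two behaviours the report names (Run-key persistence and Windows Defender real-time protection tampering). The key=value log format, the Sysmon registry paths and every line in CONN_LOG and REG_LOG are constructed assumptions; the report gives only the signatures, not the raw events behind them.

```python
import hashlib
import re
from dataclasses import dataclass

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "d06d15599983565492bb80e540a9eaf7",
    "sha1": "d4f13566076a9250f5dc20065c7c3207d945a971",
    "sha256": "9f933b719c6499cd19870dee8bc51ba0cf14beebbc7d6a849fe981c4feaf2b18",
}
C2_IP, C2_PORT = "193.233.20.31", 4125

# Registry locations behind the "Adds Run key to start application" and
# "Modifies Windows Defender Real-time Protection settings" signatures. These
# are the standard Windows paths (assumption); the report does not list raw events.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP_RE = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+", re.I)

# Constructed log lines in a simple key=value form (not real telemetry).
CONN_LOG = [
    "2024-11-12T10:01:03Z action=allow src=10.0.0.5:51432 dst=193.233.20.31:4125 proto=tcp",
    "2024-11-12T10:01:04Z action=allow src=10.0.0.5:51433 dst=203.0.113.10:443 proto=tcp",
    "2024-11-12T10:01:05Z action=allow src=10.0.0.7:51500 dst=193.233.20.31:443 proto=tcp",
]
REG_LOG = [
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\setup.exe "
    r"TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater "
    r"Details=C:\Users\victim\AppData\Roaming\updater.exe",
    r"EventID=13 Image=C:\Users\victim\AppData\Local\Temp\setup.exe "
    r"TargetObject=HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring "
    r"Details=DWORD (0x00000001)",
    r"EventID=13 Image=C:\Windows\explorer.exe "
    r"TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden "
    r"Details=DWORD (0x00000001)",
]


@dataclass
class Hit:
    kind: str   # "c2", "c2_host", "run_key" or "defender_rtp"
    line: str


def verify_sample(data: bytes) -> dict:
    """Recompute the report's hashes over the bytes you are about to handle and
    return, per algorithm, whether they agree with the report."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name: digests[name] == REPORT_HASHES[name] for name in REPORT_HASHES}


CONN_RE = re.compile(r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def scan_connections(lines):
    """Flag destinations matching the extracted C2. An exact ip:port match is
    'c2'; the same host on another port is 'c2_host', still worth a look since
    the port is per-build configuration."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m or m.group("ip") != C2_IP:
            continue
        hits.append(Hit("c2" if int(m.group("port")) == C2_PORT else "c2_host", line))
    return hits


REG_RE = re.compile(r"TargetObject=(?P<key>.+?)\s+Details=")


def scan_registry_events(lines):
    """Classify Sysmon-style registry value-set lines into the two behaviours
    the report flags: Run-key persistence and Defender real-time tampering."""
    hits = []
    for line in lines:
        m = REG_RE.search(line)
        if not m:
            continue
        key = m.group("key")
        if RUN_KEY_RE.search(key):
            hits.append(Hit("run_key", line))
        elif DEFENDER_RTP_RE.search(key):
            hits.append(Hit("defender_rtp", line))
    return hits


if __name__ == "__main__":
    print(verify_sample(b"not the sample"))
    for h in scan_connections(CONN_LOG) + scan_registry_events(REG_LOG):
        print(h.kind, "<-", h.line)
```

Run it against real exports by replacing CONN_LOG and REG_LOG with lines read from your own firewall and Sysmon (Event ID 13) data in the same key=value shape; the registry patterns match on the key path only, so both the HKLM\SOFTWARE\Microsoft and HKLM\SOFTWARE\Policies\Microsoft variants of the Defender keys are caught.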

MITRE ATT&CK Enterprise v15

Tasks