General

  • Target

    1b8fec6ce25f0a007f11a96da842540eae690a55e08c1b9f975d4d0a255a05e2

  • Size

    399KB

  • Sample

    241112-ywyf1azgke

  • MD5

    99cbe8f9386db0ca19566e780caf6e40

  • SHA1

    aee2671ac7f29bf14adfec6f64297bbdb69838ca

  • SHA256

    1b8fec6ce25f0a007f11a96da842540eae690a55e08c1b9f975d4d0a255a05e2

  • SHA512

    bdd2b2c6405bcecee9106ddff1abe60c31dfd2e6c953301103c30b5aafb5d7255e85634c30eff47b4556ad610aae0c288f89bdff576a875f34a7c0c4ce8460a2

  • SSDEEP

    6144:Key+bnr+ep0yN90QECMq6PUqxV7iuawPLyoqsMjdHwJsUwEuNvZEVszg9B:CMrey90E2PUqxsFwnMjGaUwEkviCg9B

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
