General

  • Target

    747542f2e19b548394c71210f5a12ad91c0eb6a2d510382b18b5f8de913994d6.exe

  • Size

    685KB

  • Sample

    241112-yzlxdatldl

  • MD5

    dfab34c91e282aff489c730e536f927f

  • SHA1

    f3e9a06025ce43faa6d8d86f06dbc8e145601d76

  • SHA256

    747542f2e19b548394c71210f5a12ad91c0eb6a2d510382b18b5f8de913994d6

  • SHA512

    bd744d2f596c1831a24c05c62ebd6fa0abfe83a5f1e925bcbac903a086aba5582c2930a1e9f7c8cee9d94d905da08e41362c6fbc661251fdee8913c9df8815fc

  • SSDEEP

    12288:vMrKy90/tnDY8U07V5zOCieIYoqj7ESYPBdXeIh+eNtJGYqAo2P5gj:5y2nUWR5tzzgSYP/xGYqf2P5gj

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes

  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks