General

  • Target: 657e2963731f9d78ad95962944790192d84e2988790cd97314d0b5f9b9ee735b.exe
  • Size: 555KB
  • Sample: 241113-n3deas1fjf
  • MD5: 1eb7631fc821599a5efbadb18afa514a
  • SHA1: 9d0e5746502fc1d7bf05b8352b78a8821d53f783
  • SHA256: 657e2963731f9d78ad95962944790192d84e2988790cd97314d0b5f9b9ee735b
  • SHA512: 93c647035b118a730190ae68d9f8ec9b0930d8554183221a643bbd44e4da7f96554c2105976deee05bfb1df000d684ebf5c9e886cc3c39037c9d497d035cc93f
  • SSDEEP: 12288:1MrCy902v5AkHhG7fo5KHT+5847Mic61JKsJmIGoyJQ2hitZTvWhm1:7ybHMmKzRic6bSIGj+GMbWhm1

Malware Config

Extracted

  • Family: redline
  • Botnet: dubik
  • C2: 193.233.20.17:4139
  • Attributes
    • auth_value: 05136deb26ad700ca57d43b1de454f46

Targets

    • Target: 657e2963731f9d78ad95962944790192d84e2988790cd97314d0b5f9b9ee735b.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks