General

  • Target

    2ee13a1571fe5bad8e34f1cc5fafc3976b4d6d0c374084e1902a4c83780fefaaN.exe

  • Size

    764KB

  • Sample

    241113-pcnysa1lgy

  • MD5

    61f16dd7b431b7e629d861089e3886f0

  • SHA1

    e80014f83eec806c3029916636eab0d892a56663

  • SHA256

    2ee13a1571fe5bad8e34f1cc5fafc3976b4d6d0c374084e1902a4c83780fefaa

  • SHA512

    e43a484b098848e9bf2266cee2ae36f8b1b66b8470d90c6bed8a8ce1ba52b04e01a9d9f5d1fac35736feb60309801c6921d6bf72c1bbb406c5b59b6248803e0a

  • SSDEEP

    12288:eMrby90AOaVYxIZWw/eFxYuaSwMIBlzm8DJB+DabTAID8V3Ta5Ficns2RDyprVa7:lyJOaVYxZw/8auazzPD3Ac8E5bs2lyhM

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Target

      2ee13a1571fe5bad8e34f1cc5fafc3976b4d6d0c374084e1902a4c83780fefaaN.exe

    • Size

      764KB

    • MD5

      61f16dd7b431b7e629d861089e3886f0

    • SHA1

      e80014f83eec806c3029916636eab0d892a56663

    • SHA256

      2ee13a1571fe5bad8e34f1cc5fafc3976b4d6d0c374084e1902a4c83780fefaa

    • SHA512

      e43a484b098848e9bf2266cee2ae36f8b1b66b8470d90c6bed8a8ce1ba52b04e01a9d9f5d1fac35736feb60309801c6921d6bf72c1bbb406c5b59b6248803e0a

    • SSDEEP

      12288:eMrby90AOaVYxIZWw/eFxYuaSwMIBlzm8DJB+DabTAID8V3Ta5Ficns2RDyprVa7:lyJOaVYxZw/8auazzPD3Ac8E5bs2lyhM

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks