General

  • Target

    161a8b3d229e833238fa95dc48fbe10fe0be04f2c21afa7498d5cf5611cd5060

  • Size

    553KB

  • Sample

    241113-phtq8avneq

  • MD5

    e0ae5a88008bf6926844dcbc4418caf0

  • SHA1

    025883cbdbf22b9d1e0a7aca328de188577a1878

  • SHA256

    161a8b3d229e833238fa95dc48fbe10fe0be04f2c21afa7498d5cf5611cd5060

  • SHA512

    9e3417bbd4e7fae2c090a28c0fb650093f9a1371e7ceb3c749ec60c247a5783a7f30cc5b5573272e86b2e2a2e7b0101a87743f02507c3141ea30972efc14beda

  • SSDEEP

    12288:gMrDy90BvaEbTonn6ikXhGlyfp6IS+KyHediy2JKNvl6VdRGll:zyyaEQZYGlkgs++4LgdRAl

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes

  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks