General

  • Target

    bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa.exe

  • Size

    694KB

  • Sample

    241113-rqc5jswrem

  • MD5

    77fd2a6a3576ed95279d3b7b72ad1393

  • SHA1

    823df80e5318a53827f7b3c7e0831506eb2856fe

  • SHA256

    bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa

  • SHA512

    ec149ce8e2315d66184501c5ec55102d6a077d115c93317317ec4ae202320560bd84e5084d8df6b643fdcfa201615ee361c0fc9648a1725b6c13efc04883b1f8

  • SSDEEP

    12288:lMrVy90tAVpB7XM05Lh0+YzxLYoIM8q3bVYAlSTLptffTO0Vy++ixhmjr32:Yy1pJM0dh0+Yzxko5pmAlItffCvnixwi

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes

  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa.exe

    • Size

      694KB

    • MD5

      77fd2a6a3576ed95279d3b7b72ad1393

    • SHA1

      823df80e5318a53827f7b3c7e0831506eb2856fe

    • SHA256

      bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa

    • SHA512

      ec149ce8e2315d66184501c5ec55102d6a077d115c93317317ec4ae202320560bd84e5084d8df6b643fdcfa201615ee361c0fc9648a1725b6c13efc04883b1f8

    • SSDEEP

      12288:lMrVy90tAVpB7XM05Lh0+YzxLYoIM8q3bVYAlSTLptffTO0Vy++ixhmjr32:Yy1pJM0dh0+Yzxko5pmAlItffCvnixwi

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
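The extracted config and the behavioural signatures above are enough to write a host-side detection. The following is an added example, not part of this report or of the sandbox's own rule set: it scans constructed Sysmon-style events (network connection, registry value set, process create) for the RedLine C2 endpoint 193.233.20.30:4125, the sample's MD5/SHA256, a Run-key persistence entry, and a Windows Defender real-time protection policy value being set to 1. The event format, the image paths, and the specific Defender policy value names (`DisableRealtimeMonitoring` and siblings under `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection`) are assumptions; the report only states that real-time protection settings were modified, not which values.

```python
import re
from dataclasses import dataclass

# Indicators copied from this report: extracted RedLine C2 and the sample's hashes.
C2_HOST, C2_PORT = "193.233.20.30", 4125
SAMPLE_SHA256 = "bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa"
SAMPLE_MD5 = "77fd2a6a3576ed95279d3b7b72ad1393"

# Assumption: the "Modifies Windows Defender Real-time Protection settings" signature
# corresponds to these standard Defender policy values; the report does not name them.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection", "DisableScanOnRealtimeEnable",
}
# Matches both HKCU/HKU and HKLM Run and RunOnce keys.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


@dataclass
class Finding:
    rule: str
    line_no: int
    detail: str


# Constructed Sysmon-style events (pipe-separated key=value), not real telemetry.
SAMPLE_EVENTS = "\n".join([
    r"EventID=3|Image=C:\Users\victim\AppData\Local\Temp\svc.exe|DestinationIp=193.233.20.30|DestinationPort=4125",
    r"EventID=3|Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=142.250.74.36|DestinationPort=443",
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\healer.exe|TargetObject=HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    r"EventID=13|Image=C:\Users\victim\AppData\Local\Temp\svc.exe|TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc|Details=C:\Users\victim\AppData\Local\Temp\svc.exe",
    r"EventID=1|Image=C:\Users\victim\AppData\Local\Temp\svc.exe|Hashes=MD5=77fd2a6a3576ed95279d3b7b72ad1393,SHA256=bc2c4da79745fdb2395d45e22bc1d4fe5ca061b13f970d5261350cd53f0444fa",
    r"EventID=13|Image=C:\Windows\regedit.exe|TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|Details=DWORD (0x00000001)",
])


def parse_event(line: str) -> dict:
    """Split 'k=v|k=v' into a dict; only the first '=' separates key from value."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def match_event(ev: dict, line_no: int) -> list:
    findings = []
    eid = ev.get("EventID")
    image = ev.get("Image", "?")

    # Network connection to the extracted C2 endpoint.
    if eid == "3" and ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == str(C2_PORT):
        findings.append(Finding("redline_c2", line_no, f"{image} -> {C2_HOST}:{C2_PORT}"))

    # Registry value set: Defender policy tampering and Run-key persistence.
    if eid == "13":
        target = ev.get("TargetObject", "")
        key, _, value_name = target.rpartition("\\")
        if (key.lower() == DEFENDER_RTP_KEY.lower()
                and value_name in DEFENDER_RTP_VALUES
                and "0x00000001" in ev.get("Details", "")):
            findings.append(Finding("defender_rtp_disabled", line_no, f"{image} set {value_name}=1"))
        if RUN_KEY_RE.search(target):
            findings.append(Finding("run_key_persistence", line_no, f"{value_name} -> {ev.get('Details')}"))

    # Process create carrying hashes of a known sample.
    if eid == "1":
        hashes = dict(h.split("=", 1) for h in ev.get("Hashes", "").split(",") if "=" in h)
        if (hashes.get("SHA256", "").lower() == SAMPLE_SHA256
                or hashes.get("MD5", "").lower() == SAMPLE_MD5):
            findings.append(Finding("known_sample_hash", line_no, image))
    return findings


def scan(text: str) -> list:
    """Run every rule over each non-empty line; returns findings in line order."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip():
            findings.extend(match_event(parse_event(line), n))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"line {f.line_no}: {f.rule}: {f.detail}")
```

The Defender rule deliberately requires the value to be set to 1: a value being rewritten to 0 is a restore, not a disable, and alerting on it would fire on remediation scripts. The Run-key rule is broad on purpose; in production pair it with the image path (here a file in a user's Temp directory) or the hash rule to cut noise from legitimate installers.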

MITRE ATT&CK Enterprise v15
