General

  • Target

    17041f2a313cf1f6e73cd709bc4c4bc0b4f933b69d372e56f92f8c8c76dfbda3

  • Size

    502KB

  • Sample

    241113-yrhjzs1qhq

  • MD5

    29db7520fb06a8c7d6f52eb732453503

  • SHA1

    03ab536d7bf0e4acc90079b14f04a038f6efccfc

  • SHA256

    17041f2a313cf1f6e73cd709bc4c4bc0b4f933b69d372e56f92f8c8c76dfbda3

  • SHA512

    ef252c7c053bd9679b7f1d2cb1ffabc5b70f47ef7e212edbc469440b95d1bc86b5fcb6b5a777031b3a8239d965a674e9d06906b4d8d10b5c07a70a3cb540ef9c

  • SSDEEP

    12288:EMrdy90XGJKkLsFLTlmE8wLKTQSU2zK/kNu5/D7:BytR2LTIBQxSU2znk5r7

Malware Config

Extracted

Family

redline

Botnet

lint

C2

193.233.20.28:4125

Attributes
  • auth_value

    0e95262fb78243c67430f3148303e5b7

Targets

    • Target

      17041f2a313cf1f6e73cd709bc4c4bc0b4f933b69d372e56f92f8c8c76dfbda3

    • Size

      502KB

    • MD5

      29db7520fb06a8c7d6f52eb732453503

    • SHA1

      03ab536d7bf0e4acc90079b14f04a038f6efccfc

    • SHA256

      17041f2a313cf1f6e73cd709bc4c4bc0b4f933b69d372e56f92f8c8c76dfbda3

    • SHA512

      ef252c7c053bd9679b7f1d2cb1ffabc5b70f47ef7e212edbc469440b95d1bc86b5fcb6b5a777031b3a8239d965a674e9d06906b4d8d10b5c07a70a3cb540ef9c

    • SSDEEP

      12288:EMrdy90XGJKkLsFLTlmE8wLKTQSU2zK/kNu5/D7:BytR2LTIBQxSU2znk5r7

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks