General

  • Target

    34d967c96fa3bbefbe6fc299e8120781de3fd4484684e27660371d7dd80b6cf6.exe

  • Size

    395KB

  • Sample

    241113-yzpy2a1rhm

  • MD5

    5f15c47299646961c0cc4318c4497475

  • SHA1

    a097476866dd6679667386a20ce55e83189d95e1

  • SHA256

    34d967c96fa3bbefbe6fc299e8120781de3fd4484684e27660371d7dd80b6cf6

  • SHA512

    cf18be62596c794a339bbd0e39c01723b60c012a93f73408c00c75a8de60537f40b5b86226c7896e03de65ec1f135dfc143817ac23bc683bf0a4d63963eee350

  • SSDEEP

    6144:K3y+bnr+Lp0yN90QEcGvCkcO4HdCrVGtmZbpBAJgJ6rESh7HLyNZltWZXItT8iqr:hMrPy90SGvCFOSCrVDj0giubmBcTLm

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes

  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks