General

  • Target

    38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4

  • Size

    1.0MB

  • Sample

    241113-z1185asnar

  • MD5

    a547667f441552d12ab421f40b18e5dd

  • SHA1

    e9fa9d9c2e2a2a71d6860a372137630ecd9f9ef6

  • SHA256

    38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4

  • SHA512

    44b95a713f697df7d09a775e20b1780d65c018f35ca3d33816b3bf51de5676ca37ee8f649046993774d884225f283a947fc2fb5051f986c262771fc60571a511

  • SSDEEP

    24576:OyeO0VU/ajepNmb95MBr5RknttjIJCB+5GYKXIVHe:df0gyevmb95a5RknttqCBzYKX

Malware Config

Extracted

Family

redline

Botnet

gena

C2

193.233.20.30:4125

Attributes
  • auth_value

    93c20961cb6b06b2d5781c212db6201e

Targets

    • Target

      38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4

    • Size

      1.0MB

    • MD5

      a547667f441552d12ab421f40b18e5dd

    • SHA1

      e9fa9d9c2e2a2a71d6860a372137630ecd9f9ef6

    • SHA256

      38a15c65c9d7d1059391def864010899b3c163e2e15034698cebfb4a38dccde4

    • SHA512

      44b95a713f697df7d09a775e20b1780d65c018f35ca3d33816b3bf51de5676ca37ee8f649046993774d884225f283a947fc2fb5051f986c262771fc60571a511

    • SSDEEP

      24576:OyeO0VU/ajepNmb95MBr5RknttjIJCB+5GYKXIVHe:df0gyevmb95a5RknttqCBzYKX

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks