General

  • Target

    ff272588ed520cf2e434eb9546ae0fae37b5ac590818b5ee0153738f6e4ad538N.exe

  • Size

    502KB

  • Sample

    241113-zn7v5syjgw

  • MD5

    d3693c20cbafc8dda00587aae7204160

  • SHA1

    3ed17665211b3f0545efaad2b7271f75402431f1

  • SHA256

    8b82daf4d9ec152727e519589148c0b5544555d788732180f5a2358f2ed988ca

  • SHA512

    2b5cd51aa52aa0e392e99501427683600306461ebb200de056516b79ed8c80463da5c6f07fe25721671100ee2e5f7675f421d06911cfce4ee94c9191e91cc4ce

  • SSDEEP

    12288:PMrty90VWw5vtsiMf2zSAIDohUqWLYtc3tb7WHjx/3:qySvtfM4vIDxqW8+b7WHjx/3

Malware Config

Extracted

Family

redline

Botnet

lint

C2

193.233.20.28:4125

Attributes

  • auth_value

    0e95262fb78243c67430f3148303e5b7

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks