General

  • Target

    c4760addc378da4cd4c536236148f954f2637c7f1f728887e7524b89d59d9ca9

  • Size

    546KB

  • Sample

    241117-kz78qavrfy

  • MD5

    227cb324d0d38727fd68a4654d57870d

  • SHA1

    4d30fa5af86bdc250e860e9acea2b292e13b3d0e

  • SHA256

    c4760addc378da4cd4c536236148f954f2637c7f1f728887e7524b89d59d9ca9

  • SHA512

    9b6a339863a780a899d3d70eb9e9cf0c6ab0c40bf4e2fcbe5abe06a3988bc9b2806ab111f76d4a4b03c748be1c2ce039fc5a156704107254e1087a08cd9a092a

  • SSDEEP

    12288:iMrEy90sUnIrxQzjkx81m4yfPBoYTRm5BMGzpkAFo:yyvA9zjaWcH5dmEI6

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f
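The indicators above (the file digests and the extracted C2 endpoint) are what a responder actually hunts with. The following Python script is an added example, not part of the sandbox report: it recomputes the report's digest set for a local file, treats a match only when every digest agrees, and scans key=value firewall/proxy log lines for connections to the C2 host. The log lines and their field layout are constructed for the example; a real SIEM export will need its own regex.

```python
"""IOC checks built from the report above (added example, not from the report)."""
import hashlib
import re
import sys
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report: file digests and the extracted C2.
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "227cb324d0d38727fd68a4654d57870d",
    "sha1": "4d30fa5af86bdc250e860e9acea2b292e13b3d0e",
    "sha256": "c4760addc378da4cd4c536236148f954f2637c7f1f728887e7524b89d59d9ca9",
}
C2_HOST = "193.233.20.32"
C2_PORT = 4125


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digest set the report lists, for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hashes_of_file(path: str) -> Dict[str, str]:
    """Same digests, streamed in 1 MiB chunks so large files are not read at once."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def is_known_sample(digests: Dict[str, str]) -> bool:
    """True only when every listed digest agrees; one mismatch means a different file."""
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


# Constructed log lines (not from the report) in a simple key=value export format.
SAMPLE_LOG = """\
2024-11-17T10:01:02Z action=allow src=10.0.0.5 dst=193.233.20.32 dport=4125 proto=tcp
2024-11-17T10:01:09Z action=allow src=10.0.0.5 dst=142.250.74.46 dport=443 proto=tcp
2024-11-17T10:02:30Z action=deny src=10.0.0.7 dst=193.233.20.32 dport=80 proto=tcp
2024-11-17T10:03:11Z action=allow src=10.0.0.9 dst=193.233.20.32 dport=4125 proto=tcp
"""

# Field layout assumed for the constructed lines above.
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


def find_c2_contacts(lines: Iterable[str]) -> List[Tuple[str, str, bool]]:
    """Return (timestamp, source host, exact_port) for each line whose destination is the C2 host.

    Any traffic to the C2 address is worth triage, so a different destination port
    is reported with exact_port=False rather than dropped: the port in the report
    belongs to this build's config and may differ in related samples.
    """
    hits: List[Tuple[str, str, bool]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("dst") != C2_HOST:
            continue
        hits.append((m.group("ts"), m.group("src"), int(m.group("dport")) == C2_PORT))
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py [file_to_hash]
    if len(sys.argv) > 1:
        print("known sample" if is_known_sample(hashes_of_file(sys.argv[1])) else "no match")
    for ts, src, exact in find_c2_contacts(SAMPLE_LOG.splitlines()):
        print(f"{ts} {src} -> {C2_HOST} port match={exact}")
```

Hashes only catch this exact file; any repack changes all of them, so the network indicator (and the Run key and Defender modifications listed under Targets) carry more weight for hunting across a fleet.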

Targets

    • Target

      c4760addc378da4cd4c536236148f954f2637c7f1f728887e7524b89d59d9ca9

    • Size

      546KB

    • MD5

      227cb324d0d38727fd68a4654d57870d

    • SHA1

      4d30fa5af86bdc250e860e9acea2b292e13b3d0e

    • SHA256

      c4760addc378da4cd4c536236148f954f2637c7f1f728887e7524b89d59d9ca9

    • SHA512

      9b6a339863a780a899d3d70eb9e9cf0c6ab0c40bf4e2fcbe5abe06a3988bc9b2806ab111f76d4a4b03c748be1c2ce039fc5a156704107254e1087a08cd9a092a

    • SSDEEP

      12288:iMrEy90sUnIrxQzjkx81m4yfPBoYTRm5BMGzpkAFo:yyvA9zjaWcH5dmEI6

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks