General

  • Target

    54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897

  • Size

    505KB

  • Sample

    230816-egf4maha2s

  • MD5

    23a107a1fe6ee986f4721ec19f136399

  • SHA1

    a00ed93e9bd11a00a6061b8429df24f8df4f61e1

  • SHA256

    54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897

  • SHA512

    f660d8e17f2a24f990a6c18ce89435ec2fd8572b9b21abdc04f6c6d1a8e88b7f1d185c89be5b8ffb875c7f6cbfa8a406d367e9767d48bc59d71561b3d8dac0f2

  • SSDEEP

    12288:XMrIy90P5Uwb3usu2e1fhAXMQIdfDCILlLAs1EVh9uv:fy8fb3QMMu9S

Malware Config

Extracted

Family

redline

Botnet

dava

C2

77.91.124.54:19071

Attributes

  • auth_value

    3ce5222c1baaa06681dfe0012ce1de23

Targets

    • Target

      54ead869ce9ba38af86619bfe4ca3d8ee02f5db7090224ae0035ed534811c897

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks