General

  • Target

    c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47

  • Size

    1.5MB

  • Sample

    240502-dr286shd95

  • MD5

    991267b92287601ef77a0bbadd747440

  • SHA1

    9ff5b9b627c5eae60511f47cde53de339b74e822

  • SHA256

    c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47

  • SHA512

    23546fe330165a559b53c376b84987979eb4e64fa300925e13d24fc1b1cf9c69785374125fadfe6c55d112e4765263b1d34affaf14d8f0c7355626098af47e5e

  • SSDEEP

    24576:kyIedgrARuVqITHTjQ08cKQnm4xU3/bPpBACmormqSwK92JeG1xdB4xyBqkZ05k6:zIeyaQzU10m4xEItq3KPG7pqkZ4

Malware Config

Extracted

Family

redline

Botnet

max

C2

185.161.248.73:4164

Attributes
  • auth_value

    efb1499709a5d08ed1ddf71cff71211f
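The hashes in the General section and the C2 in the extracted config are the indicators an analyst actually takes away from this report. The following Python is an added example (not part of the sandbox report and not the malware's own code) that turns them into two checks: comparing a file's digests against the report's hashes, and scanning firewall-style connection logs for the C2 endpoint, distinguishing an exact IP:port hit from a weaker IP-only hit. The log lines are constructed for illustration; their format (`dst=ip:port`) is an assumption and would need adapting to a real log source.

```python
import hashlib
import ipaddress
import re

# Indicators copied from the report above (General and Malware Config sections).
REPORT_HASHES = {
    "md5": "991267b92287601ef77a0bbadd747440",
    "sha1": "9ff5b9b627c5eae60511f47cde53de339b74e822",
    "sha256": "c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47",
    "sha512": "23546fe330165a559b53c376b84987979eb4e64fa300925e13d24fc1b1cf9c69"
              "785374125fadfe6c55d112e4765263b1d34affaf14d8f0c7355626098af47e5e",
}
REPORT_C2 = "185.161.248.73:4164"


def digests(data: bytes) -> dict:
    """Compute the four cryptographic digests the report lists for a file's bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hash_matches(data: bytes, indicators: dict) -> list:
    """Return the names of the digests in `indicators` that match `data` (empty if none)."""
    computed = digests(data)
    return [name for name, value in indicators.items()
            if computed.get(name) == value.lower()]


def parse_c2(c2: str) -> tuple:
    """Split a 'host:port' C2 string, validating the IP address and port range."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port_num


# Constructed firewall-style log lines (assumed format, not taken from the report).
SAMPLE_LOG = [
    "2024-05-02T10:11:12Z action=allow src=10.0.0.5:51234 dst=93.184.216.34:443 proto=tcp",
    "2024-05-02T10:11:40Z action=allow src=10.0.0.5:51240 dst=185.161.248.73:4164 proto=tcp",
    "2024-05-02T10:12:03Z action=allow src=10.0.0.7:51301 dst=185.161.248.73:80 proto=tcp",
    "2024-05-02T10:12:15Z action=deny src=10.0.0.5:51250 dst=185.161.248.74:4164 proto=tcp",
]

_DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")


def scan_log(lines, c2: str) -> dict:
    """Classify log lines against the C2: exact ip:port hits and weaker ip-only hits.

    Returns {'exact': [line indexes], 'ip_only': [line indexes]}. An IP-only hit
    is still worth a look because the same host may serve other ports.
    """
    host, port = parse_c2(c2)
    result = {"exact": [], "ip_only": []}
    for idx, line in enumerate(lines):
        m = _DST_RE.search(line)
        if not m:
            continue
        dst_ip, dst_port = m.group(1), int(m.group(2))
        if dst_ip != host:
            continue
        if dst_port == port:
            result["exact"].append(idx)
        else:
            result["ip_only"].append(idx)
    return result


if __name__ == "__main__":
    print(scan_log(SAMPLE_LOG, REPORT_C2))
```

A file that matches on SHA256 will trivially match on the other digests too; keeping all four lets the check work against feeds that publish only MD5 or SHA1. The SSDEEP value is deliberately not compared here, since fuzzy matching needs the ssdeep library and a similarity threshold rather than equality.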

Targets

    • Target

      c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47

    • Size

      1.5MB

    • MD5

      991267b92287601ef77a0bbadd747440

    • SHA1

      9ff5b9b627c5eae60511f47cde53de339b74e822

    • SHA256

      c1eb2bf2565fd92a410efaef30a93b2a3a4af9b75abc7ca69e417077b20e9a47

    • SHA512

      23546fe330165a559b53c376b84987979eb4e64fa300925e13d24fc1b1cf9c69785374125fadfe6c55d112e4765263b1d34affaf14d8f0c7355626098af47e5e

    • SSDEEP

      24576:kyIedgrARuVqITHTjQ08cKQnm4xU3/bPpBACmormqSwK92JeG1xdB4xyBqkZ05k6:zIeyaQzU10m4xEItq3KPG7pqkZ4

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.

    • RedLine payload

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Detects executables packed with ConfuserEx Mod

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
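Three of the signature hits above ("Modifies Windows Defender Real-time Protection settings", "Detects executables embedding registry key / value combination indicative of disabling Windows Defender features" and "Adds Run key to start application") rest on registry paths and value names that the binary carries as strings. The Python below is an added illustration of that static check; it is not the sandbox's signature logic and not the malware's code. The Defender policy paths and `Disable*` value names are well-known Windows locations used here as an assumption for illustration; the report does not say which specific values this sample writes. Because the page also reports the sample as packed with ConfuserEx Mod, which typically encrypts string literals, a scan like this only becomes useful on the unpacked binary or on the dropped EXE the sandbox observed executing. The input blob is constructed, not the real sample.

```python
import re

# Well-known Windows Defender policy keys and the standard Run keys. These are an
# assumption for illustration; the report does not list the values this sample sets.
DEFENDER_KEYS = [
    r"SOFTWARE\Policies\Microsoft\Windows Defender",
    r"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
]
DEFENDER_VALUES = [
    "DisableAntiSpyware",
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
]
RUN_KEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
]

_ASCII_RE = re.compile(rb"[\x20-\x7e]{6,}")
_UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")


def extract_strings(data: bytes) -> list:
    """Return printable ASCII and UTF-16LE strings of 6+ characters as Python str.

    .NET binaries (RedLine is written in C#) store string literals as UTF-16LE,
    so an ASCII-only scan would miss the registry paths entirely.
    """
    out = [m.group().decode("ascii") for m in _ASCII_RE.finditer(data)]
    out += [m.group().decode("utf-16-le") for m in _UTF16_RE.finditer(data)]
    return out


def _contains(strings, needle: str) -> bool:
    """Case-insensitive substring search across extracted strings (registry is case-insensitive)."""
    n = needle.lower()
    return any(n in s.lower() for s in strings)


def classify(data: bytes) -> dict:
    """Mirror the report's registry-based signatures on a byte blob."""
    strings = extract_strings(data)
    defender_key = any(_contains(strings, k) for k in DEFENDER_KEYS)
    defender_values = [v for v in DEFENDER_VALUES if _contains(strings, v)]
    run_key = any(_contains(strings, k) for k in RUN_KEYS)
    return {
        # The signature on the page requires the key AND a value name together;
        # either alone is common in benign tooling.
        "defender_disable_combo": defender_key and bool(defender_values),
        "defender_values": defender_values,
        "run_key_persistence": run_key,
    }


def build_constructed_sample() -> bytes:
    """Constructed test input (not the real sample): a .NET-style blob with
    UTF-16LE Defender strings, an ASCII Run key path, and non-printable padding."""
    parts = [
        b"MZ\x90\x00" + bytes(range(64)),
        "SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection".encode("utf-16-le"),
        b"\x00" * 8,
        "DisableRealtimeMonitoring".encode("utf-16-le"),
        b"\x00" * 8,
        b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
        bytes(range(200, 256)),
    ]
    return b"".join(parts)


if __name__ == "__main__":
    print(classify(build_constructed_sample()))
```

On a real triage, run `classify` over the dropped executable rather than the packed submission, and treat a `defender_disable_combo` hit as corroboration of the sandbox's behavioural signature rather than as proof on its own, since legitimate administration scripts reference the same keys.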

MITRE ATT&CK Enterprise v15

Tasks