General

  • Target

    982f1ee50adb5f73ac1c2572177697c0_NEAS

  • Size

    845KB

  • Sample

    240507-jqrnyafe4x

  • MD5

    982f1ee50adb5f73ac1c2572177697c0

  • SHA1

    8e8a00653260c4291e7db3e8c3a3eb766d44f2c5

  • SHA256

    1187636d6e514eb6a1ebb708504da23f9a3ed6065b30e5bef5531cb485fecb34

  • SHA512

    9d4de83a73eff724cf1621f172a6209ad2b8e71e7b94792703c7ad8004ca597dd42cfe5c1f0b07e1fab289c0b516d02322ef8988062a4294449a7f73a61e1410

  • SSDEEP

    12288:KMryy90ohyzNL/h6I7S7IcpBmfPtJvMTf6uBfR4qqV7E6zczO8dMB0gHh6v0tnLI:MyZg/ZSliLvMzT4uo8kTLJ1GXJvt

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mask

  • C2

    217.196.96.56:4138

  • Attributes

      • auth_value

        31aef25be0febb8e491794ef7f502c50

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks