General

  • Target

    bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9

  • Size

    480KB

  • Sample

    240510-cky3hacg31

  • MD5

    f10f3830f74f4c146ecfe490b2f5bb60

  • SHA1

    95f1c364dd9957c7353e958870cbd0b56dd72131

  • SHA256

    bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9

  • SHA512

    8e3ba81dcfc0c36100ded32308e3e787d2c64e6c644b2a376b9d684d5d54dbcad46522dca178dcd3c3fdc8e2a18d018b9c27f631fac67d80b6ce9bde77277376

  • SSDEEP

    6144:KYy+bnr+Bp0yN90QEMQSOmAfsDSwqGTD4TGYSQUb1BZk8OYHwi0GVSMmaLxcwJuj:kMrJy906OmMSwGF1BZk8hmaLxcwIj

Malware Config

Extracted

Family

redline

Botnet

mihan

C2

217.196.96.101:4132

Attributes
  • auth_value

    9a6a8fdae02ed7caa0a49a6ddc6d4520

Targets

    • Target

      bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9

    • Size

      480KB

    • MD5

      f10f3830f74f4c146ecfe490b2f5bb60

    • SHA1

      95f1c364dd9957c7353e958870cbd0b56dd72131

    • SHA256

      bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9

    • SHA512

      8e3ba81dcfc0c36100ded32308e3e787d2c64e6c644b2a376b9d684d5d54dbcad46522dca178dcd3c3fdc8e2a18d018b9c27f631fac67d80b6ce9bde77277376

    • SSDEEP

      6144:KYy+bnr+Bp0yN90QEMQSOmAfsDSwqGTD4TGYSQUb1BZk8OYHwi0GVSMmaLxcwJuj:kMrJy906OmMSwGF1BZk8hmaLxcwIj

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables embedding registry key / value combination indicative of disabling Windows Defender features

    • Detects executables packed with ConfuserEx Mod

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
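The extracted config (C2 socket 217.196.96.101:4132) and the behavioural signatures above (Defender real-time protection tampering, Run key persistence) are the pieces a responder actually hunts for. The script below is an added example, not part of the sandbox report: it copies the report's indicators and runs three simple detection predicates over constructed, Sysmon-like telemetry records. The pipe-separated key=value log format, the process paths and the user SID are assumptions made for the example, and the Defender value names are the usual Real-Time Protection policy toggles, not a list taken from this sample.

```python
"""Added example (not from the sandbox report): hunt for this report's
indicators in host telemetry.

C2 address and file hashes are copied from the report. The log records are
constructed for this example and only mimic Sysmon event 3 (network) and
event 13 (registry value set); the key=value|key=value layout is an
assumption, not a real product format.
"""
import hashlib
import re

# Indicators copied from the report.
C2_HOST = "217.196.96.101"
C2_PORT = 4132
SAMPLE_SHA256 = "bac70768466a80a4253c63add9d0601c8d645565be4c9ab0536b250c8e01a0e9"
SAMPLE_MD5 = "f10f3830f74f4c146ecfe490b2f5bb60"

# Windows Defender real-time protection toggles (HKLM\SOFTWARE\Policies\... or
# HKLM\SOFTWARE\Microsoft\...). Matching on the key suffix covers both trees.
DEFENDER_RTP_SUFFIX = r"windows defender\real-time protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

# Constructed telemetry (hypothetical format). Lines 1, 3 and 4 are the
# behaviours this report describes; lines 2 and 5 are benign noise.
SAMPLE_LOGS = [
    "event=3|image=C:\\Users\\bob\\AppData\\Local\\Temp\\u1a.exe|dst=217.196.96.101|dport=4132",
    "event=3|image=C:\\Program Files\\Mozilla Firefox\\firefox.exe|dst=93.184.216.34|dport=443",
    "event=13|image=C:\\Users\\bob\\AppData\\Local\\Temp\\u1a.exe|target=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring|details=DWORD (0x00000001)",
    "event=13|image=C:\\Users\\bob\\AppData\\Local\\Temp\\u1a.exe|target=HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater|details=C:\\Users\\bob\\AppData\\Local\\Temp\\u1a.exe",
    "event=13|image=C:\\Windows\\System32\\svchost.exe|target=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth|details=%windir%\\system32\\SecurityHealthSystray.exe",
]


def parse_line(line):
    """Split one 'key=value|key=value' record into a dict."""
    rec = {}
    for field in line.split("|"):
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def is_c2_connection(rec):
    """Outbound connection to the C2 socket extracted from the sample."""
    return (rec.get("event") == "3"
            and rec.get("dst") == C2_HOST
            and rec.get("dport") == str(C2_PORT))


def is_defender_rtp_disabled(rec):
    """A Defender Real-Time Protection 'Disable*' value set to 1."""
    if rec.get("event") != "13":
        return False
    key_path, _, value_name = rec.get("target", "").rpartition("\\")
    return (key_path.lower().endswith(DEFENDER_RTP_SUFFIX)
            and value_name in DEFENDER_RTP_VALUES
            and rec.get("details", "").endswith("(0x00000001)"))


def is_run_key_persistence(rec):
    """Run key value whose command points into a user profile (AppData/Temp)."""
    if rec.get("event") != "13":
        return False
    if not RUN_KEY_RE.search(rec.get("target", "")):
        return False
    return bool(USER_PROFILE_RE.search(rec.get("details", "")))


RULES = [
    ("c2_connection", is_c2_connection),
    ("defender_rtp_disabled", is_defender_rtp_disabled),
    ("run_key_user_profile", is_run_key_persistence),
]


def hunt(lines):
    """Return (rule_name, acting image) for every record that trips a rule."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        for name, predicate in RULES:
            if predicate(rec):
                hits.append((name, rec.get("image", "")))
    return hits


def hashes_match(data):
    """True only if data is this report's sample (SHA256 and MD5 both match)."""
    return (hashlib.sha256(data).hexdigest() == SAMPLE_SHA256
            and hashlib.md5(data).hexdigest() == SAMPLE_MD5)


if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_LOGS):
        print(f"{rule}: {image}")
```

The hash check is only useful against a full copy of the file (quarantine, mail gateway, EDR file capture); the SSDEEP value in the report is the one to use for near-match hunting of repacked builds. The C2 socket is the most perishable indicator here, so treat a hit on the registry rules as the durable signal even after the address stops resolving.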

MITRE ATT&CK Enterprise v15
