General

  • Target

    0b49c4660806e1439caf7d3e3499ece706cd9c476371ddad919283133679eaeb

  • Size

    1.5MB

  • Sample

    241030-1agbpszpgv

  • MD5

    fbd46982e2845ad803edb569cc9ac627

  • SHA1

    d32896454d3eccd2d66804f00be156b997531167

  • SHA256

    0b49c4660806e1439caf7d3e3499ece706cd9c476371ddad919283133679eaeb

  • SHA512

    e1b6fa081dac305e2f491d045a2baec5a18667038a201ab5021c7496122608deb02695d5258152b45590d6c7798d06fdbbca13fe0396df026ae0a790577a201f

  • SSDEEP

    24576:vyDFcw7PyWymJjFz61IDEKYppR4620k/Qj/sZPsobXpWSYdWgsyu6agBU:6DdLhSODpErIxQg7p8dWQ

Malware Config

Extracted

Family

redline

Botnet

max

C2

185.161.248.73:4164

Attributes

  • auth_value

    efb1499709a5d08ed1ddf71cff71211f

Targets

    • Target

      0b49c4660806e1439caf7d3e3499ece706cd9c476371ddad919283133679eaeb

    • Size

      1.5MB

    • MD5

      fbd46982e2845ad803edb569cc9ac627

    • SHA1

      d32896454d3eccd2d66804f00be156b997531167

    • SHA256

      0b49c4660806e1439caf7d3e3499ece706cd9c476371ddad919283133679eaeb

    • SHA512

      e1b6fa081dac305e2f491d045a2baec5a18667038a201ab5021c7496122608deb02695d5258152b45590d6c7798d06fdbbca13fe0396df026ae0a790577a201f

    • SSDEEP

      24576:vyDFcw7PyWymJjFz61IDEKYppR4620k/Qj/sZPsobXpWSYdWgsyu6agBU:6DdLhSODpErIxQg7p8dWQ

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15