General

  • Target

    3d31c7cea7141cddd563fa788c4783cdc053a55eaff417f25664c8e06423540a

  • Size

    478KB

  • Sample

    241104-121vesybrc

  • MD5

    84e74956da64496c4adad1d7ba037582

  • SHA1

    2ed243999bae724e16032c0f75e29eee2fd43045

  • SHA256

    3d31c7cea7141cddd563fa788c4783cdc053a55eaff417f25664c8e06423540a

  • SHA512

    a34223a60a38afd2b925cfc6bbe06d1b325fd5d5f076c516e9091161a53c3af5889a7f146c55b53dd5be569013835647782e67f6dee70747a797e07a128a2e4c

  • SSDEEP

    12288:VMrEy9090whe+8Ft5c1u319TmnEGeq72Wbc7tbg:Ny3whlQzXrTach0

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes
  • auth_value

    8f24ed370a9b24aa28d3d634ea57912e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks