General

  • Target

    ff4dc5bfb53c351f6cb3d5a2eb28ca48e6bbbd2ae14898681e671b93e7fe2585

  • Size

    480KB

  • Sample

    241104-12bwasxpfy

  • MD5

    71bc72a6a006fdc752ceba04020b0e47

  • SHA1

    ea4b2e615a2a446ddf78a4868b3f4e6c56993723

  • SHA256

    ff4dc5bfb53c351f6cb3d5a2eb28ca48e6bbbd2ae14898681e671b93e7fe2585

  • SHA512

    18abb95e45c6ff44781802b0a9bb812d0faa19471a6ab93725fbdf9e7cb4c46ef91e8a775d1dbecd9fec0802d695b281ee60ff55f98eaee70a45da085ece1725

  • SSDEEP

    12288:3Mr/y90EAcgPKN5c1u310TC3ttV2NqVaxw01uwbP:4ynActXCTIPV4w4uS

Malware Config

Extracted

Family

redline

Botnet

misfa

C2

217.196.96.101:4132

Attributes

  • auth_value

    be2e6d9f1a5e54a81340947b20e561c1

Targets

    • Target

      ff4dc5bfb53c351f6cb3d5a2eb28ca48e6bbbd2ae14898681e671b93e7fe2585

    • Size

      480KB

    • MD5

      71bc72a6a006fdc752ceba04020b0e47

    • SHA1

      ea4b2e615a2a446ddf78a4868b3f4e6c56993723

    • SHA256

      ff4dc5bfb53c351f6cb3d5a2eb28ca48e6bbbd2ae14898681e671b93e7fe2585

    • SHA512

      18abb95e45c6ff44781802b0a9bb812d0faa19471a6ab93725fbdf9e7cb4c46ef91e8a775d1dbecd9fec0802d695b281ee60ff55f98eaee70a45da085ece1725

    • SSDEEP

      12288:3Mr/y90EAcgPKN5c1u310TC3ttV2NqVaxw01uwbP:4ynActXCTIPV4w4uS

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks