General

  • Target: 0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142
  • Size: 531KB
  • Sample: 241104-131wtaxqaw
  • MD5: 1a77b25c7e406a45ef6a9ff078067852
  • SHA1: 3e78fea386551964bb15c92fd4fed9611bf11cfd
  • SHA256: 0c85bf6ba9d52490c8696b2a274b5a3f942bfaa893106455acec145e3610f142
  • SHA512: 33115b65307a28b7a5cfccc9b1211c9f1ac4e7fb5ab2346a6fa0cd909b4ac33baba7a556ab4de4dc01596d9f7d4d169c916a4f440abf5e226bfc1a150ae4ed2d
  • SSDEEP: 12288:3MrSy90l9YVVCMchSRDvZ/WepyBD4cvtytTTdGX87v2/Rue:Nym94VNv9pynvQtTT8ue

Malware Config

Extracted

  • Family: redline
  • Botnet: rulit
  • C2: pedigj.eu:4162
  • Attributes
    • auth_value: f4df9ef56871d4ac883b282abaf635e0

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
