General

  • Target

    0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d

  • Size

    1.5MB

  • Sample

    241104-qq11yazkdy

  • MD5

    0057d24fb397126fb1f15370ec1da35f

  • SHA1

    97a82b5bac9d2a8c4e7960297fb11e04c724e43d

  • SHA256

    0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d

  • SHA512

    a69649ac5d199d71c5f9fd8d3c6378df6aa5af1249afcebaeea72a45d6d41ff217df9d786beed48788ffb9609e6d9f41e04918410a174b4f854018ebe122624a

  • SSDEEP

    24576:tySllzVNEwZofP+D9UfTgIFYqiQUgCxJ6QiDAfq95gPRlnphg4Z:I4hXEdP+yiVgBDrTgTnphg4

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes
  • auth_value

    3d2870537d84a4c6d7aeecd002871c51

Targets

    • Target

      0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d

    • Size

      1.5MB

    • MD5

      0057d24fb397126fb1f15370ec1da35f

    • SHA1

      97a82b5bac9d2a8c4e7960297fb11e04c724e43d

    • SHA256

      0ed9262d06bc389c81233543bd377c038c7aa5b3626cae439e6f3d9225f9483d

    • SHA512

      a69649ac5d199d71c5f9fd8d3c6378df6aa5af1249afcebaeea72a45d6d41ff217df9d786beed48788ffb9609e6d9f41e04918410a174b4f854018ebe122624a

    • SSDEEP

      24576:tySllzVNEwZofP+D9UfTgIFYqiQUgCxJ6QiDAfq95gPRlnphg4Z:I4hXEdP+yiVgBDrTgTnphg4

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks