General

  • Target

    5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c

  • Size

    481KB

  • Sample

    241104-qq67ys1bml

  • MD5

    d791956f6d34e425375da78607683460

  • SHA1

    4df50a8f1a28ddb1ffae20919ddf432df6ab62a5

  • SHA256

    5d84bb021a02d7c9c5b71fef2bd28923bd353da8c4083dd92ef5e8511594216c

  • SHA512

    fa92f3af1accdcdc1c1a5027b46e18415740d02e31f8b1d330dfdb8bf203149b32d95198c9c2c8a846f3f47bb51f5fa65f1ec7e2bfd4107264357650f3fadf31

  • SSDEEP

    12288:7MrFy906Dl0RA5c1u31CTqKnEalxyTwP8c3u:uyp0IXUTJ5lxyT28Gu

Malware Config

Extracted

  • Family

    redline

  • Botnet

    misfa

  • C2

    217.196.96.101:4132

  • Attributes

    • auth_value

      be2e6d9f1a5e54a81340947b20e561c1

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks