General

  • Target

    602b88acc037a78a6d28e4c020773b844410695c6e3c4abd5c80babd87e27b18

  • Size

    479KB

  • Sample

    241104-qs7aqszkfz

  • MD5

    afcad893788b15a2355d0af32bcf6326

  • SHA1

    fb6d908de8585513d4784f2a96aaf886d638a1d4

  • SHA256

    602b88acc037a78a6d28e4c020773b844410695c6e3c4abd5c80babd87e27b18

  • SHA512

    7f9ab5bf9f196f3c50e1eee8936434c244dee3d8782928f1804539bde8c4c0e6dcb8dfff650b7edaec3e888317def859588eb45fcfbe71f73d0e9f7a1286b4eb

  • SSDEEP

    12288:hMrLy90Gqos3MSrSogyLWZ9gpwCMQQTsmYB:Ky0os3oo7GG

Malware Config

Extracted

Family

redline

Botnet

murka

C2

217.196.96.101:4132

Attributes
  • auth_value

    878a0681ac6ad0e4eb10ef9db07abdd9

Targets

    • Target

      602b88acc037a78a6d28e4c020773b844410695c6e3c4abd5c80babd87e27b18

    • Size

      479KB

    • MD5

      afcad893788b15a2355d0af32bcf6326

    • SHA1

      fb6d908de8585513d4784f2a96aaf886d638a1d4

    • SHA256

      602b88acc037a78a6d28e4c020773b844410695c6e3c4abd5c80babd87e27b18

    • SHA512

      7f9ab5bf9f196f3c50e1eee8936434c244dee3d8782928f1804539bde8c4c0e6dcb8dfff650b7edaec3e888317def859588eb45fcfbe71f73d0e9f7a1286b4eb

    • SSDEEP

      12288:hMrLy90Gqos3MSrSogyLWZ9gpwCMQQTsmYB:Ky0os3oo7GG

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks