General

  • Target

    9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb

  • Size

    490KB

  • Sample

    241104-zkzelawncx

  • MD5

    1215d76105b0078674248a8cb221c748

  • SHA1

    db1016eb26aa74a2149c7d5d1b6d63adef0c3313

  • SHA256

    9759d6116e588c0c8f3878795b0545932b019351620fd3dd12e64ec7385c7aeb

  • SHA512

    f6d00c0a8d8f66d46ed239d28471a53ddb1f4777e0fca97c946e0018f1c744c327fe4a531e64c6a84e54e051c3d4a82f059200ff16b23be5d0f3b9a8b3acecce

  • SSDEEP

    12288:xMrqy90Mj0cJSaGqqX1G0oAbziFQkQAj89lE0G0/:HyRjVTUX1G0FxkX43/

Malware Config

Extracted

Family

redline

Botnet

lulsa

C2

217.196.96.101:4132

Attributes

  • auth_value

    2bb8e3870ce0ad119d2840b124222121

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks