General

  • Target

    781be0ae201be53c4ed52f834451662e81fd56a9f3dedd6ca5640090a488ec10

  • Size

    480KB

  • Sample

    241109-1gtwdavrhj

  • MD5

    eeed1b60f530b5eeccfc4140775e16e4

  • SHA1

    571c8b15c0fd918ccef348cd728f740dbb3f2538

  • SHA256

    781be0ae201be53c4ed52f834451662e81fd56a9f3dedd6ca5640090a488ec10

  • SHA512

    c824d491624bf7b55a30207648943912f4044febb31a46bee29da11b4304ab2fddddbe57d6d63c0e13ecf2743ff2c288890a535ef359669f8046ad111d772871

  • SSDEEP

    12288:7MrUy902IjzlqwDe37Cfp6YopiE4wsga4TPd6c4:DyMY/EHErsErD4

Malware Config

Extracted

Family

redline

Botnet

douma

C2

217.196.96.101:4132

Attributes
  • auth_value

    e7c0659b5f9d26f2f97df8d25fefbb44

Targets

    • Target

      781be0ae201be53c4ed52f834451662e81fd56a9f3dedd6ca5640090a488ec10

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

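The following is an added example, not part of this sandbox report or its tooling. It takes the indicators the report extracts (the sample hashes from General, the RedLine C2 `217.196.96.101:4132` from Malware Config) and the behaviours the signatures above name (Windows Defender real-time protection tampering, Run-key persistence, execution of a dropped EXE) and matches them against constructed endpoint telemetry, the way an analyst would turn a report like this into detection logic. The event schema, its field names, the `image_dropped_by_parent` flag and the Suricata SID are assumptions; the Defender registry value names are the documented ones.

```python
"""Offline triage helper built from the indicators and signatures in this report.
Example code added to the page; the telemetry format below is an assumption."""

from dataclasses import dataclass

# Indicators copied verbatim from the report's General and Malware Config sections.
REPORT_IOCS = {
    "sha256": "781be0ae201be53c4ed52f834451662e81fd56a9f3dedd6ca5640090a488ec10",
    "sha1": "571c8b15c0fd918ccef348cd728f740dbb3f2538",
    "md5": "eeed1b60f530b5eeccfc4140775e16e4",
    "c2": ("217.196.96.101", 4132),  # RedLine, botnet "douma"
}

# Documented Windows Defender real-time protection locations and the value names
# that turn protection off when set to 1 (tamper protection normally blocks this).
DEFENDER_RTP_KEY = r"software\microsoft\windows defender\real-time protection"
DEFENDER_POLICY_KEY = r"software\policies\microsoft\windows defender\real-time protection"
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"


@dataclass
class Finding:
    rule: str
    event: dict


def check_event(ev):
    """Return the names of the rules a single telemetry event matches."""
    hits = []
    kind = ev.get("type")
    if kind == "net_connect":
        if (ev.get("dst_ip"), ev.get("dst_port")) == REPORT_IOCS["c2"]:
            hits.append("redline_c2_connect")
    elif kind == "file_hash":
        for algo in ("sha256", "sha1", "md5"):
            if ev.get(algo, "").lower() == REPORT_IOCS[algo]:
                hits.append(f"known_sample_{algo}")
    elif kind == "reg_set":
        key = ev.get("key", "").lower()
        name = ev.get("value_name", "").lower()
        in_defender_key = DEFENDER_RTP_KEY in key or DEFENDER_POLICY_KEY in key
        # Only data == 1 disables protection; writing 0 re-enables it and is not a hit.
        if in_defender_key and name in DEFENDER_DISABLE_VALUES and ev.get("data") == 1:
            hits.append("defender_realtime_protection_disabled")
        # Any write under a Run key is flagged; tune with an allow-list in production.
        if key.endswith(RUN_KEY_SUFFIX):
            hits.append("run_key_persistence")
    elif kind == "process_create":
        # "Executes dropped EXE": the image sits in a user-writable location and the
        # telemetry says the parent wrote it (assumed field from the EDR).
        image = ev.get("image", "").lower()
        if ev.get("image_dropped_by_parent") and ("\\appdata\\" in image or "\\temp\\" in image):
            hits.append("executes_dropped_exe")
    return hits


def scan_events(events):
    """Run every event through check_event and collect the findings in order."""
    return [Finding(rule, ev) for ev in events for rule in check_event(ev)]


def suricata_rule(sid=1000001):
    """Network rule for the extracted C2; the SID is a local placeholder."""
    ip, port = REPORT_IOCS["c2"]
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 (botnet douma) from sandbox report"; sid:{sid}; rev:1;)')


# Constructed telemetry, not from the sandbox run: benign events next to events
# shaped like the behaviours the report's signatures describe.
SAMPLE_EVENTS = [
    {"type": "net_connect", "pid": 4412, "dst_ip": "217.196.96.101", "dst_port": 4132},
    {"type": "net_connect", "pid": 1200, "dst_ip": "13.107.4.50", "dst_port": 443},
    {"type": "file_hash", "path": r"C:\Users\u\Downloads\setup.exe",
     "sha256": "781be0ae201be53c4ed52f834451662e81fd56a9f3dedd6ca5640090a488ec10"},
    {"type": "reg_set", "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "value_name": "DisableRealtimeMonitoring", "data": 1},
    {"type": "reg_set", "key": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
     "value_name": "DisableRealtimeMonitoring", "data": 0},
    {"type": "reg_set", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "svcupdate", "data": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "pid": 5020, "image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "image_dropped_by_parent": True},
    {"type": "process_create", "pid": 5030, "image": r"C:\Windows\System32\notepad.exe",
     "image_dropped_by_parent": False},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.rule:40s} {f.event}")
    print(suricata_rule())
```

Against the constructed events the scan yields five findings (C2 connection, known SHA256, Defender real-time protection disabled, Run-key persistence, dropped EXE executed) and ignores the benign HTTPS connection, the value write that re-enables protection, and the signed system binary. The hash and C2 matches are exact and will not survive a rebuild of the sample; the registry and process rules are behavioural and carry over to other RedLine and Healer builds, which is why both kinds are kept side by side.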