General

  • Target

    5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286

  • Size

    1.5MB

  • Sample

    241109-1s7llswlal

  • MD5

    4ddf89aeb6340d26236ef6f8a6a34441

  • SHA1

    00fbf733ae703d1bed55778a8bdc88b5c9c63485

  • SHA256

    5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286

  • SHA512

    d3a2081877be77734e121123528e13466022c08f7d4185bf4e122fc476d0e8123a00a041bf0ced8ebfc3f68bd451d709c714a4a97381d5d9f306122083ce4bb1

  • SSDEEP

    24576:wygx75mYLNDYKR/v/5Hw4oW1OZxMfdqpklFPRZ/KgJay6EJ1fJOcbtV:3gxFlD9xv/5HwI1OAC4XN+yd1fJOcb

Malware Config

Extracted

Family

redline

Botnet

max

C2

185.161.248.73:4164

Attributes
  • auth_value

    efb1499709a5d08ed1ddf71cff71211f

Targets

    • Target

      5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286

    • Size

      1.5MB

    • MD5

      4ddf89aeb6340d26236ef6f8a6a34441

    • SHA1

      00fbf733ae703d1bed55778a8bdc88b5c9c63485

    • SHA256

      5e1c47fa15607f0181a265844141992a9ea68d1bdd7387361a175e266a7d4286

    • SHA512

      d3a2081877be77734e121123528e13466022c08f7d4185bf4e122fc476d0e8123a00a041bf0ced8ebfc3f68bd451d709c714a4a97381d5d9f306122083ce4bb1

    • SSDEEP

      24576:wygx75mYLNDYKR/v/5Hw4oW1OZxMfdqpklFPRZ/KgJay6EJ1fJOcbtV:3gxFlD9xv/5HwI1OAC4XN+yd1fJOcb

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks