General

  • Target

    fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7

  • Size

    479KB

  • Sample

    241109-d7m47awlcx

  • MD5

    771909845d3033090d3cdb3e693eced5

  • SHA1

    aff65e58f634111d08bfec994299933e0477e03a

  • SHA256

    fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7

  • SHA512

    70459be7cb56f46755c744cdbc948767bc3b1b7dd3f06963e2b8ea0ce5095973fa04662402dd6f19c9dc59e9d59e90566aabf7d61c0a8c8b7d25bf5ade0e6b13

  • SSDEEP

    6144:Kdy+bnr+Wp0yN90QEhtjzrZyH4MDtIA/1DhueIfMWY4acdvGuQ3S4rwhM0G3ljAW:/Mray90JtyYeZg04aoas7GqiDXBa7O

Malware Config

Extracted

Family

redline

Botnet

madis

C2

217.196.96.101:4132

Attributes
  • auth_value

    f0f6957979665a81f596383c31a1c944
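The extracted configuration gives a single TCP C2 endpoint, which is the most directly actionable indicator on this page. As an added example that is not part of the report and not the sandbox's own logic, the following Python turns that endpoint into a check over Zeek-style connection records. The log lines are constructed for illustration, and the field layout assumes the default Zeek conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, ...). A host+port match is reported as high confidence and a host-only match as medium, because stealer panels are frequently re-hosted on another port of the same server and the port seen in one sample is not a stable indicator on its own.

```python
"""Check connection records against the RedLine C2 extracted in the report."""
import ipaddress
from dataclasses import dataclass

# Copied from the report's "Malware Config" section.
REDLINE_C2 = "217.196.96.101:4132"

# Constructed sample records (not from the report), in Zeek conn.log default
# column order: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service, ...
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1731129600.123\tCabc1\t10.0.0.15\t49812\t217.196.96.101\t4132\ttcp\t-\t12.5\t2048\t512\tSF
1731129605.456\tCabc2\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp\tssl\t1.2\t800\t9000\tSF
1731129610.789\tCabc3\t10.0.0.22\t51000\t217.196.96.101\t80\ttcp\thttp\t0.3\t300\t400\tSF
"""


@dataclass(frozen=True)
class Endpoint:
    host: str
    port: int
    is_ip: bool  # False when the config carries a hostname; then match dns.log answers instead


def parse_c2(value: str) -> Endpoint:
    """Split a 'host:port' string as RedLine configs store it and validate both halves."""
    host, sep, port = value.rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError(f"not a host:port value: {value!r}")
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port_num}")
    try:
        ipaddress.ip_address(host)
        is_ip = True
    except ValueError:
        is_ip = False
    return Endpoint(host, port_num, is_ip)


def match_c2(conn_log: str, c2: Endpoint) -> list[dict]:
    """Return connections whose responder is the C2 host.

    'high'   = responder host and port both match the extracted config
    'medium' = responder host matches on a different port (panel may have moved)
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # Zeek header / comment lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = fields[:7]
        if resp_h != c2.host:
            continue
        confidence = "high" if resp_p.isdigit() and int(resp_p) == c2.port else "medium"
        hits.append({"ts": ts, "uid": uid, "src": f"{orig_h}:{orig_p}",
                     "dst": f"{resp_h}:{resp_p}", "proto": proto,
                     "confidence": confidence})
    return hits


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_CONN_LOG, parse_c2(REDLINE_C2)):
        print(hit)
```

Run against a real conn.log by passing the file contents to `match_c2`; if the extracted C2 were a hostname rather than an IP, the host comparison would need to be made against resolved addresses from dns.log instead of the responder field.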

Targets

    • Target

      fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7

    • Size

      479KB

    • MD5

      771909845d3033090d3cdb3e693eced5

    • SHA1

      aff65e58f634111d08bfec994299933e0477e03a

    • SHA256

      fd2d4510391ae0529ee97dae6ae67fd091da5b60d01e486d2e64e27f3b4032e7

    • SHA512

      70459be7cb56f46755c744cdbc948767bc3b1b7dd3f06963e2b8ea0ce5095973fa04662402dd6f19c9dc59e9d59e90566aabf7d61c0a8c8b7d25bf5ade0e6b13

    • SSDEEP

      6144:Kdy+bnr+Wp0yN90QEhtjzrZyH4MDtIA/1DhueIfMWY4acdvGuQ3S4rwhM0G3ljAW:/Mray90JtyYeZg04aoas7GqiDXBa7O

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper that turns off Windows Defender real-time protection before running its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
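The Healer and persistence signatures above correspond to two host artifacts: Windows Defender real-time protection switched off through its registry settings, and a Run key entry that relaunches the payload at logon. As an added example that is not part of the report and not the sandbox's signature logic, the following Python triages an offline registry export (.reg text, assumed already decoded from UTF-16) for both. The export text is constructed for illustration; the value names are the documented Defender Real-Time Protection settings (1 = disabled), and the Run entry names and paths are made up, not the names this sample uses, which the report does not state.

```python
"""Triage a .reg export for Defender real-time protection tampering and Run-key persistence."""
import re

# Keys where Defender real-time protection is switched off (policy path first, product path second).
DEFENDER_RTP_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
)
# Documented Defender value names; a DWORD of 1 disables the corresponding protection.
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable", "DisableIOAVProtection",
}
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# A Run entry launching from a user-writable directory is the usual shape of stealer persistence.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

# Constructed export for illustration; entry names and paths are not from the report.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDriveUpd"="\"C:\\Users\\victim\\AppData\\Roaming\\Updater\\svchost.exe\""
"Teams"="C:\\Program Files\\Teams\\Teams.exe --background"
'''

_KEY = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\ -> \ and \" -> "."""
    return re.sub(r'\\(["\\])', r"\1", s)


def parse_reg(text: str) -> dict[str, dict[str, object]]:
    """Parse .reg text into {key: {value_name: value}}; dword -> int, REG_SZ -> str."""
    keys: dict[str, dict[str, object]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = _VALUE.match(line)
        if not m or current is None:
            continue
        name, raw = m.group(1), m.group(2)
        if raw.startswith("dword:"):
            current[name] = int(raw[6:], 16)
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            current[name] = _unescape(raw[1:-1])
        else:
            current[name] = raw  # hex(...) and other binary forms kept verbatim
    return keys


def triage(keys: dict[str, dict[str, object]]) -> dict[str, list]:
    """Report Defender protections set to disabled and every Run entry, flagging user-writable paths."""
    defender = []
    for key in DEFENDER_RTP_KEYS:
        for name, value in keys.get(key, {}).items():
            if name in DEFENDER_DISABLE_VALUES and value == 1:
                defender.append(f"{key}\\{name}")
    run = []
    for key in RUN_KEYS:
        for name, cmd in keys.get(key, {}).items():
            run.append({"key": key, "name": name, "command": cmd,
                        "suspicious": bool(USER_WRITABLE.search(str(cmd)))})
    return {"defender_rtp_disabled": sorted(defender), "run_entries": run}


if __name__ == "__main__":
    for section, items in triage(parse_reg(SAMPLE_REG)).items():
        print(section)
        for item in items:
            print("  ", item)
```

On a live host the same two checks can be made with `reg export` of the keys above followed by this script; the Defender policy values only take effect when tamper protection is off, so a policy key that reads as disabled alongside a product path that does not is itself worth noting during triage.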

MITRE ATT&CK Enterprise v15

Tasks