General

  • Target

    b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9

  • Size

    1.5MB

  • Sample

    241109-d84hkazjgq

  • MD5

    0161db63f9e307bc62d98b22a3b5f565

  • SHA1

    0a5b855c14dd26fca034b9d5b86c885f75061b39

  • SHA256

    b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9

  • SHA512

    afdc8b7dc56747b22a863c4ca8a95b76dbab428ff82fcc1d9d92233de5f6aee5cc52538fecd4e33f9948f6dd821bd70cb8436cd1337da617eabc31e8dc965155

  • SSDEEP

    24576:CyePAVGK6K986RSd1xxJziATQzUVWyjx4TFGWkYKxjmuNleOMucv6RNpCY08EEDw:p2AV8K986kTJziA0zsxGkWCzIE6

Malware Config

Extracted

Family

redline

Botnet

maza

C2

185.161.248.73:4164

Attributes
  • auth_value

    474d54c1c2f5291290c53f8378acd684

Targets

    • Target

      b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9

    • Size

      1.5MB

    • MD5

      0161db63f9e307bc62d98b22a3b5f565

    • SHA1

      0a5b855c14dd26fca034b9d5b86c885f75061b39

    • SHA256

      b157f8caab021130657986c30bcc520cf0e53c933035adf78b88caea18a4dde9

    • SHA512

      afdc8b7dc56747b22a863c4ca8a95b76dbab428ff82fcc1d9d92233de5f6aee5cc52538fecd4e33f9948f6dd821bd70cb8436cd1337da617eabc31e8dc965155

    • SSDEEP

      24576:CyePAVGK6K986RSd1xxJziATQzUVWyjx4TFGWkYKxjmuNleOMucv6RNpCY08EEDw:p2AV8K986kTJziA0zsxGkWCzIE6

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks