General

  • Target

    8fcf12f308c0e56a38957f3da25cd5898dd850c7915803337e7539e745273817

  • Size

    1.5MB

  • Sample

    241109-d8frhawldw

  • MD5

    d72da8192b8c7260aba00316ac044665

  • SHA1

    5183d8db1fccd555eb22ecb7f4e5ad13329a6b4d

  • SHA256

    8fcf12f308c0e56a38957f3da25cd5898dd850c7915803337e7539e745273817

  • SHA512

    435736465dff4558a814288b42fc6e2884dc66b200adf901d2e989e411302245168ddc2697609714bd4121c577d087f107df99516c6033f9736c92f982b57798

  • SSDEEP

    24576:2yVMK2JNvdVGkgQiytttTbTTbgimiOeeyq6G8tTpYnG/S1v8cPtTodbpTzOmPSAO:FL2FV0Qiyntn0BiOeUDGwloFdOmP1

Malware Config

Extracted

Family

redline

Botnet

maxbi

C2

185.161.248.73:4164

Attributes
  • auth_value

    6aa7dba884fe45693dfa04c91440daef

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks