General

  • Target

    f939de41d60e9ef1e646d190af302ca2af8a655654401663fb29e8f2b3283d74

  • Size

    479KB

  • Sample

    241109-d8tclazjgm

  • MD5

    34e51b84923881c0f11ec47a682ea45a

  • SHA1

    55d3f53354c61e4fb6d806e44bf2829034df7095

  • SHA256

    f939de41d60e9ef1e646d190af302ca2af8a655654401663fb29e8f2b3283d74

  • SHA512

    6514ab63df62c592b8c6a8f991e6e6bbf2a97bfeb663ef67b8c2d482a1b04ceefff59b05f355adf749541e2bec73a57970738196eaa5db0d507a4124f9f4316b

  • SSDEEP

    12288:CMrOy902Ep7gZp7JuisHO0KVZimw8x0/whs9hZ:IylZp7Juif0KPigJh6

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks