General

  • Target

    2b91b557c9707e6725848d11c1f251b377eee548edf010a2cb4dcf130b85d49e

  • Size

    545KB

  • Sample

    241109-ecaq2sxanh

  • MD5

    2a983266f8f056fb335e04f8dbf2f2e5

  • SHA1

    dd05af90db9ac6ced413c0ac2204c71b678f87f9

  • SHA256

    2b91b557c9707e6725848d11c1f251b377eee548edf010a2cb4dcf130b85d49e

  • SHA512

    ba9205d38c8458d1b9c233c96545368e79b2f2dc634f5a22f42cac7d91da0dba31dce2f902c04ff0fb6126ec2857aff5f7b33cc1e1994b066b3a52ca50920d84

  • SSDEEP

    12288:6Mray90c6puXCvjVRGXo99/ABAXy+orcyQY1:oyB6puX0OX0iWC+a/1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    stek

  • C2

    melevv.eu:4162

  • Attributes

    • auth_value

      4205381daf6946b2df5fe3bc7eacc918

Targets

    • Target

      2b91b557c9707e6725848d11c1f251b377eee548edf010a2cb4dcf130b85d49e

    • Size

      545KB

    • MD5

      2a983266f8f056fb335e04f8dbf2f2e5

    • SHA1

      dd05af90db9ac6ced413c0ac2204c71b678f87f9

    • SHA256

      2b91b557c9707e6725848d11c1f251b377eee548edf010a2cb4dcf130b85d49e

    • SHA512

      ba9205d38c8458d1b9c233c96545368e79b2f2dc634f5a22f42cac7d91da0dba31dce2f902c04ff0fb6126ec2857aff5f7b33cc1e1994b066b3a52ca50920d84

    • SSDEEP

      12288:6Mray90c6puXCvjVRGXo99/ABAXy+orcyQY1:oyB6puX0OX0iWC+a/1

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks