General

  • Target

    c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff

  • Size

    531KB

  • Sample

    241109-edbdzaxarb

  • MD5

    651715deb67d6effd27dd6e8194154ab

  • SHA1

    11e0328f2f1fb499c7cf1875f31baf058f49626b

  • SHA256

    c243e922009ec4a640266001b1b5ada386aead2262444a31c256baa7c92504ff

  • SHA512

    b02703e75e07d242f4d0287690d5bb9d869d170fa32f27049cd9d489b29d21d82ec327ceb37cefc5b3e1da59c454d8032bf36d9f8d8ee4dc9b620135251d4f6c

  • SSDEEP

    12288:3MrBy90huyIcbrCjyuUjyl0l1gMGXtYJqscclWjI:uycIAWdWla/jsdl9

Malware Config

Extracted

Family

redline

Botnet

rulit

C2

pedigj.eu:4162

Attributes
  • auth_value

    f4df9ef56871d4ac883b282abaf635e0

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
