General

  • Target

    b7dc01173f86b90cd8a3622bca15b28b5a7f117128867a6ddf7ccd06bc8cfb18

  • Size

    481KB

  • Sample

    241109-empmyszmek

  • MD5

    5211929951d02935d6ad4c9710e1cc07

  • SHA1

    9ed4a550307e39ac90adb853d159d8df48a5083e

  • SHA256

    b7dc01173f86b90cd8a3622bca15b28b5a7f117128867a6ddf7ccd06bc8cfb18

  • SHA512

    a34a8143b005444536b558441a6fa6c1a420524ef497449ff518655d6ca133b9fb5237dcb82e5547b99520eac8e35e4577ac8263e6762f92b0d9e618c1ef079c

  • SSDEEP

    12288:tMr7y90KH/gkXliORE0c4PVD1P2aLkLV:GyVpsWEf4PBkaLkLV

Malware Config

Extracted

Family

redline

Botnet

misar

C2

217.196.96.101:4132

Attributes
  • auth_value

    069dd9eeee8cff502b661416888f692a

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
