General

  • Target

    25503748468ccf98effc7c449a0fc482e2311957f57584276be02229a9c5fe0c

  • Size

    481KB

  • Sample

    241109-eqmmrsznbl

  • MD5

    ce90914b76416daf7efec57140ea0ae6

  • SHA1

    66a4105ea775381e0deef0756802a50e8d12fc4b

  • SHA256

    25503748468ccf98effc7c449a0fc482e2311957f57584276be02229a9c5fe0c

  • SHA512

    71266d88c6acd36b695361ce2677849466d30f7ee57c9d3a17b82f0ef6426c10b35f66f9fcd48db24ed7a717fc2bd4149a60b6d00e5082685b5b8dc46439ea49

  • SSDEEP

    12288:6Mr7y90tE1NjiRTaee/tCmUw8+OjJRkm60W6KZ9W:xyBriQp/tC68+OJOkUXW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mofun

  • C2

    217.196.96.101:4132

  • Attributes

    auth_value: da5d4987d25c2de43d34fcc99b29fff3

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks