General

  • Target

    44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223

  • Size

    1.5MB

  • Sample

    241109-eqvy5swqaw

  • MD5

    7bdc672f31d18c15468a2c212e7577d1

  • SHA1

    64e89a66fb93c32803c4d1c99d0473b63ef2e5e7

  • SHA256

    44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223

  • SHA512

    23ef714b838af14095a6068790b30a05e22b34fdc38e2ee0fe9e41d52e24c1f61fd881e9a3c2ab793f5cb4f23f4fe6a153e8985947df20a8807bef7355e5de48

  • SSDEEP

    24576:HywjQ3sek0mtbgGopqKCL7xgbIFXxdqdAL6ckn/wpJoPU1z7PBO:Swjmst1CpIL7xgbYxdqdrcsU1PP

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes
  • auth_value

    31aef25be0febb8e491794ef7f502c50

Targets

    • Target

      44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223

    • Size

      1.5MB

    • MD5

      7bdc672f31d18c15468a2c212e7577d1

    • SHA1

      64e89a66fb93c32803c4d1c99d0473b63ef2e5e7

    • SHA256

      44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223

    • SHA512

      23ef714b838af14095a6068790b30a05e22b34fdc38e2ee0fe9e41d52e24c1f61fd881e9a3c2ab793f5cb4f23f4fe6a153e8985947df20a8807bef7355e5de48

    • SSDEEP

      24576:HywjQ3sek0mtbgGopqKCL7xgbIFXxdqdAL6ckn/wpJoPU1z7PBO:Swjmst1CpIL7xgbYxdqdrcsU1PP

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
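
The signatures above (C2 traffic to the extracted RedLine address, Defender Real-time Protection tampering, a Run key for persistence, execution of the dropped sample) are what a responder would want to confirm on a host that ran this file. The following is an added example, not part of the sandbox report or of any vendor tooling: a small hunting routine in Python that walks Sysmon-style JSON events and flags those four behaviours. The C2 address and SHA256 come from the report; the event layout, the Defender and Run registry paths, the assumed meaning of a DWORD value of 1 under the Real-Time Protection key, and the sample events themselves are constructed assumptions for illustration.

```python
from __future__ import annotations

import json
import re
from dataclasses import dataclass
from typing import Iterable

# Indicators taken from the report on this page.
C2_IP = "217.196.96.56"
C2_PORT = 4138
SAMPLE_SHA256 = "44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223"

# Assumed registry locations: the report names the behaviour, not the exact key.
DEFENDER_RTP_KEYS = (
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
)
RUN_KEYS = (
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)

# Sysmon logs per-user hives as HKU\<SID>\...; fold that to HKCU\ for matching.
_HKU_SID = re.compile(r"^hku\\[^\\]+\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    tag: str
    detail: str


def _parse_hashes(field: str) -> dict[str, str]:
    """Sysmon writes 'MD5=...,SHA256=...,IMPHASH=...' in one field."""
    out: dict[str, str] = {}
    for part in field.split(","):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().upper()] = value.strip().lower()
    return out


def _under(path: str, prefixes: Iterable[str]) -> bool:
    normalised = _HKU_SID.sub(r"HKCU\\", path).lower()
    return any(normalised.startswith(p.lower() + "\\") for p in prefixes)


def inspect_event(ev: dict) -> list[Finding]:
    """Return the findings a single Sysmon-style event triggers (assumed field names)."""
    findings: list[Finding] = []
    eid = ev.get("EventID")
    if eid == 1:  # process creation
        if _parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
            findings.append(Finding("known_sample", f"{ev.get('Image')} matches reported SHA256"))
    elif eid == 3:  # network connection
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            findings.append(Finding("redline_c2", f"{ev.get('Image')} -> {C2_IP}:{C2_PORT}"))
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        details = ev.get("Details", "")
        # Assumption: a DWORD of 1 under Real-Time Protection disables a protection feature.
        if _under(target, DEFENDER_RTP_KEYS) and details.startswith("DWORD (0x00000001)"):
            findings.append(Finding("defender_rtp_modified", target))
        elif _under(target, RUN_KEYS):
            findings.append(Finding("run_key_persistence", f"{target} = {details}"))
    return findings


def hunt(events: Iterable[dict]) -> list[Finding]:
    return [f for ev in events for f in inspect_event(ev)]


# Constructed sample log (not captured from the sandbox run): one benign and one
# suspicious event of each kind, in the order the infection chain would produce them.
SAMPLE_EVENTS_JSON = r"""[
 {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe",
  "Hashes": "MD5=00000000000000000000000000000000,SHA256=0000000000000000000000000000000000000000000000000000000000000000"},
 {"EventID": 1, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe",
  "Hashes": "MD5=7bdc672f31d18c15468a2c212e7577d1,SHA256=44a196095b216d182215ed3463b85fb36b4b7c2993c987d6193c88b825d36223"},
 {"EventID": 3, "Image": "C:\\Program Files\\Browser\\browser.exe", "DestinationIp": "8.8.8.8", "DestinationPort": 443},
 {"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\setup.exe", "DestinationIp": "217.196.96.56", "DestinationPort": "4138"},
 {"EventID": 13, "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"},
 {"EventID": 13, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders\\Cache", "Details": "C:\\Users\\u\\Cache"},
 {"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\u\\AppData\\Roaming\\svc.exe"}
]"""


def demo() -> list[Finding]:
    return hunt(json.loads(SAMPLE_EVENTS_JSON))


if __name__ == "__main__":
    for finding in demo():
        print(f"[{finding.tag}] {finding.detail}")
```

Against the constructed log the routine reports exactly four findings, one per reported behaviour, and ignores the benign process, connection and registry events. On a real host the same checks should be run against exported Sysmon or EDR telemetry rather than this inline sample, and the Defender registry paths should be confirmed against the build in use, since they are assumptions here.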

MITRE ATT&CK Enterprise v15

Tasks