General

  • Target

    ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3

  • Size

    481KB

  • Sample

    241109-f5hg2aydrm

  • MD5

    8d01257c68a6f81f683d7ce0b17d0b2e

  • SHA1

    d36ca60691a64bf3bcee7c2ec391850ebc90dc28

  • SHA256

    ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3

  • SHA512

    dade3861be7465aeef4b3d6159d1677d3f4827a7a672e5af7f6c1f7e276a146dcfd9704c49f9596cfb48109dc9b20d204d0382e7d5ba61167c8af5f58a88d4c6

  • SSDEEP

    6144:KZy+bnr+Fp0yN90QEH7XakWsjZNcBcueMmQIPz2UIkjyt28GE65csRtSrhlVaQFD:DMrpy901qpj2qUDOHG8sShvn61+d

Malware Config

Extracted

Family

redline

Botnet

misar

C2

217.196.96.101:4132

Attributes
  • auth_value

    069dd9eeee8cff502b661416888f692a

Targets

    • Target

      ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3

    • Size

      481KB

    • MD5

      8d01257c68a6f81f683d7ce0b17d0b2e

    • SHA1

      d36ca60691a64bf3bcee7c2ec391850ebc90dc28

    • SHA256

      ecaf4a6a4c96979f901af83fd37694127a9abcd97eea37c413568c4209cb68b3

    • SHA512

      dade3861be7465aeef4b3d6159d1677d3f4827a7a672e5af7f6c1f7e276a146dcfd9704c49f9596cfb48109dc9b20d204d0382e7d5ba61167c8af5f58a88d4c6

    • SSDEEP

      6144:KZy+bnr+Fp0yN90QEH7XakWsjZNcBcueMmQIPz2UIkjyt28GE65csRtSrhlVaQFD:DMrpy901qpj2qUDOHG8sShvn61+d

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks