General

  • Target

    00fc5fa50068d1f30b442dd348f2c87d456e967e96c7895b972a109b92a6da56

  • Size

    479KB

  • Sample

    241109-fpwdysybjg

  • MD5

    a12ad6f25fecdf9ee097441a910d3509

  • SHA1

    19159f2c6602323b0db76ffa6dd5e2b0f4d98814

  • SHA256

    00fc5fa50068d1f30b442dd348f2c87d456e967e96c7895b972a109b92a6da56

  • SHA512

    4579c0637adfad4a6359d4778d576ae5ce3faa57e65385161e6739c37c4bb8db52489a33a49277c3bc580276c1e0d7e61bd3d05c92dddcb8e622f1adae46fc12

  • SSDEEP

    12288:mMrUy90GMABzEOX4SgLeVdnk33paD31h9fOe:OypMkorSgidkpG3T5Oe

Malware Config

Extracted

Family

redline

Botnet

divan

C2

217.196.96.102:4132

Attributes
  • auth_value

    b414986bebd7f5a3ec9aee0341b8e769
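The extracted configuration gives a responder a small set of indicators (the four file hashes, the C2 endpoint 217.196.96.102:4132, the botnet name and the auth_value) to check against artefacts from their own environment. The Python script below is an added example and not part of the sandbox report: it loads those indicators, computes the same four digests for a candidate file, and scans endpoint network log lines for connections to the C2 address. The log lines, their key=value format and the file name in them are constructed for the example and are not observations from the report.

```python
import hashlib
import re

# Indicators copied from the General and Malware Config sections of the report.
REPORT_IOCS = {
    "md5": "a12ad6f25fecdf9ee097441a910d3509",
    "sha1": "19159f2c6602323b0db76ffa6dd5e2b0f4d98814",
    "sha256": "00fc5fa50068d1f30b442dd348f2c87d456e967e96c7895b972a109b92a6da56",
    "sha512": "4579c0637adfad4a6359d4778d576ae5ce3faa57e65385161e6739c37c4bb8db"
              "52489a33a49277c3bc580276c1e0d7e61bd3d05c92dddcb8e622f1adae46fc12",
    "c2_host": "217.196.96.102",
    "c2_port": 4132,
    "botnet": "divan",
    "auth_value": "b414986bebd7f5a3ec9aee0341b8e769",
}

HASH_ALGOS = ("md5", "sha1", "sha256", "sha512")


def digests_of_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory buffer."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HASH_ALGOS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Compute all four digests of a file in one streaming pass."""
    hashers = {algo: hashlib.new(algo) for algo in HASH_ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hash_matches(digests: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return [algo for algo in HASH_ALGOS
            if algo in digests and digests[algo].lower() == iocs[algo].lower()]


# Constructed endpoint network log lines (not from the report) in a simple
# key=value format; the image path and process ids are invented for the example.
SAMPLE_NETWORK_LOG = [
    "2024-11-09T10:31:02Z pid=4120 image=C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe "
    "dst=217.196.96.102:4132 proto=tcp",
    "2024-11-09T10:31:05Z pid=4120 image=C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe "
    "dst=217.196.96.102:443 proto=tcp",
    "2024-11-09T10:31:09Z pid=1208 image=C:\\Program Files\\Browser\\browser.exe "
    "dst=198.51.100.7:443 proto=tcp",
]

DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def find_c2_connections(lines, host: str = REPORT_IOCS["c2_host"],
                        port: int = REPORT_IOCS["c2_port"]) -> list:
    """Return (1-based line number, kind) for every line that talks to the C2 host.

    'host+port' is the extracted endpoint exactly; 'host-only' is the same
    address on a different port, still worth a look because the port is
    operator-configurable while the address is the stronger indicator.
    """
    hits = []
    for number, line in enumerate(lines, start=1):
        m = DST_RE.search(line)
        if not m or m.group(1) != host:
            continue
        hits.append((number, "host+port" if int(m.group(2)) == port else "host-only"))
    return hits


if __name__ == "__main__":
    import sys
    for candidate in sys.argv[1:]:
        print(candidate, "matches report hashes:", hash_matches(digests_of_file(candidate)) or "none")
    for number, kind in find_c2_connections(SAMPLE_NETWORK_LOG):
        print(f"sample log line {number}: {kind} match for {REPORT_IOCS['c2_host']}")
```

Run it as `python ioc_check.py suspect.exe` to compare a file against the report's hashes; the log scan runs over the constructed lines, so replace SAMPLE_NETWORK_LOG with your own export. A hash match is a strong indicator only for this exact build: a re-packed RedLine sample with the same C2 will miss every hash but still show up in the network scan, which is why both checks are kept.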

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
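The behaviour signatures above ("Modifies Windows Defender Real-time Protection settings", "Windows security modification", "Adds Run key to start application") describe registry changes without naming the values written. The Python script below is an added example, not part of the report: it parses a registry export in .reg format and flags the Defender policy values that disable protection when set to 1, plus every Run-key entry, marking the entries whose command lives under a user-writable path. The export text is constructed for the example, and which of these values the sample actually writes is not stated in the report and is assumed here.

```python
import re

# Constructed .reg-style export fragment for illustration; it is not from the
# report, and the value names this sample sets are not stated there.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\System32\\SecurityHealthSystray.exe"
"updater"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
"""

# Defender policy values that turn protection off when set to DWORD 1.
DEFENDER_DISABLE_VALUES = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection": (
        "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
        "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
        "DisableIOAVProtection",
    ),
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender": ("DisableAntiSpyware",),
}

# Autostart keys checked for persistence entries.
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
)

# Heuristic only: autostart commands under user-writable locations deserve a
# closer look, but legitimate software also installs there.
USER_WRITABLE_PATH = re.compile(r"\\(AppData|Temp|ProgramData|Public|Downloads)\\", re.IGNORECASE)

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text: str) -> dict:
    """Parse a .reg export into {key_path: {value_name: data}}.

    DWORDs become ints, quoted strings are unescaped, anything else (hex:, @=)
    is kept as raw text so nothing is silently dropped.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = VALUE_LINE.match(line)
        if current is None or not m:
            continue
        name, data = m.group(1), m.group(2)
        if data.startswith("dword:"):
            value = int(data[len("dword:"):], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            value = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        else:
            value = data
        keys[current][name] = value
    return keys


def triage_reg_export(text: str) -> list:
    """Return findings for disabled Defender protection and Run-key persistence."""
    keys = parse_reg_export(text)
    by_lower = {k.lower(): v for k, v in keys.items()}  # registry paths are case-insensitive
    findings = []
    for key, names in DEFENDER_DISABLE_VALUES.items():
        values = by_lower.get(key.lower(), {})
        for name in names:
            if values.get(name) == 1:
                findings.append({"type": "defender_disabled", "key": key, "value": name})
    for key in RUN_KEYS:
        for name, command in by_lower.get(key.lower(), {}).items():
            findings.append({
                "type": "run_key", "key": key, "value": name, "command": command,
                "user_writable_path": isinstance(command, str)
                and USER_WRITABLE_PATH.search(command) is not None,
            })
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG_EXPORT
    for finding in triage_reg_export(text):
        print(finding)
```

On a live host the input comes from `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" defender.reg` and the equivalent for the Run keys (reg.exe writes UTF-16, which the main block assumes when given a file). A Defender value set to 1 under the Policies hive is a tamper indicator on any machine where no group policy manages Defender; the Run-key path check is a prioritisation hint, not a verdict, since installers legitimately place autostart entries under AppData.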

MITRE ATT&CK Enterprise v15

Tasks