General

  • Target: 4e18ea73c10e6ab42f16561883fdea111f68db6643c1631ede03f82e42f2e385
  • Size: 479KB
  • Sample: 241109-gnaxasyhjr
  • MD5: 3c1209d2c6b9efd816ed2f7fe6dfd4b0
  • SHA1: ac080eebe152816595d749d03ef7973a3380721b
  • SHA256: 4e18ea73c10e6ab42f16561883fdea111f68db6643c1631ede03f82e42f2e385
  • SHA512: 7ac0cde0bce339962d0566404e93a9b71f07c2a09c0c840ae4d094925d06f6baab1df66572608bb5d3ab61ab0a214032545f683c8cbc33b0a7dd056e9cef8857
  • SSDEEP: 12288:gMrwy90Yl++IcdqGru5c1u31eTirO6cAgTVgssDPVB:AyLU+IcIxX4TiOzgssDPX

Malware Config

Extracted

  • Family: redline
  • Botnet: dion
  • C2: 217.196.96.101:4132
  • Attributes
      • auth_value: 6e0b6a3255923968b15f61a2c040c5c9

Targets

    • Target: 4e18ea73c10e6ab42f16561883fdea111f68db6643c1631ede03f82e42f2e385
    • Size: 479KB
    • MD5: 3c1209d2c6b9efd816ed2f7fe6dfd4b0
    • SHA1: ac080eebe152816595d749d03ef7973a3380721b
    • SHA256: 4e18ea73c10e6ab42f16561883fdea111f68db6643c1631ede03f82e42f2e385
    • SHA512: 7ac0cde0bce339962d0566404e93a9b71f07c2a09c0c840ae4d094925d06f6baab1df66572608bb5d3ab61ab0a214032545f683c8cbc33b0a7dd056e9cef8857
    • SSDEEP: 12288:gMrwy90Yl++IcdqGru5c1u31eTirO6cAgTVgssDPVB:AyLU+IcIxX4TiOzgssDPX

    • Detects Healer, an antivirus disabler dropper
    • Healer
      Healer, an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks