General

  • Target

    32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609

  • Size

    1.5MB

  • Sample

    241109-gnqbzsykbs

  • MD5

    8679781ebd0d506bd0980a70287a6b09

  • SHA1

    170c1de975bda7c68efcbbdbba9fb2e30ac56943

  • SHA256

    32496a77800773c81995fa747f88792be538ea2d13481d839bfb5ca232dc9609

  • SHA512

    339057322e44b66e8cc2f3b5840c7fb93cdbc3af29ab1d459bdaf7c3d4f4fba2b8c13bef22232fbb223dc8213305fcf4bfb0c67b6678df86f17ef9214c008060

  • SSDEEP

    24576:1yfKQo7VsHZowwHitDV3t/pFEv4+LIgKHqQEfLNJECxpsHTJYEF/7xog:QfdHZo7ClzMv4+D3RECxpsz5F/7xo

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes

  • auth_value

    31aef25be0febb8e491794ef7f502c50

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15