General

  • Target

    3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870

  • Size

    479KB

  • Sample

    241109-gy6fysskcn

  • MD5

    cd7f03dca0915b8580f927443a7e9f0c

  • SHA1

    1d8fe1ea3c406ef81a782428c397fcae8f4dda03

  • SHA256

    3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870

  • SHA512

    ee44bd4aa198b3c5db1c9e70832cf3e4ea2a96b0889c21c8cc2b78b12802d60c6dd12386bf50a66c319410c7840967926c061bede58fc53b54dc13ab0a188f40

  • SSDEEP

    6144:Kuy+bnr+/p0yN90QEkXEYwGZxRwv797gztQKyADdStBTNqpCtHh8o3jr5xbNn6e0:+Mr7y90lY9G7rKyAItpApCBGU5TX0

Malware Config

Extracted

Family

redline

Botnet

maher

C2

217.196.96.101:4132

Attributes
  • auth_value

    c57763165f68aabcf4874e661a1ffbac
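The extracted C2 endpoint above is the most directly actionable indicator on this page. The following is an added example (not part of the sandbox report and not tooling from the report's author) showing how to hunt for that endpoint in connection logs. The log format, the sample log lines and the "same IP, different port" medium-confidence heuristic are all assumptions for the example; only the `217.196.96.101:4132` value comes from the page.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Set

# C2 endpoint(s) as extracted from the sample's configuration on this page.
EXTRACTED_C2 = ["217.196.96.101:4132"]

# Constructed sample log lines in an assumed "<ts> <src>:<sport> -> <dst>:<dport> <proto>"
# shape. These are not real logs and not data from the report.
SAMPLE_LOG = """\
2024-11-09T16:31:02Z 10.0.0.25:51432 -> 217.196.96.101:4132 tcp
2024-11-09T16:31:05Z 10.0.0.25:51433 -> 93.184.216.34:443 tcp
2024-11-09T16:32:10Z 10.0.0.31:49211 -> 217.196.96.101:80 tcp
2024-11-09T16:33:00Z 10.0.0.25:51440 -> 217.196.96.101:4132 tcp
garbage line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_c2(entries: Iterable[str]) -> Dict[str, Set[int]]:
    """Turn 'ip:port' strings into {ip: {port, ...}}; rejects malformed entries."""
    out: Dict[str, Set[int]] = {}
    for entry in entries:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError if host is not an IP literal
        out.setdefault(host, set()).add(int(port))
    return out


def hunt(log_text: str, c2: Dict[str, Set[int]]) -> List[dict]:
    """Return one hit per log line whose destination is a known C2 address.

    Exact ip:port match -> "high"; same IP on another port -> "medium"
    (heuristic assumption: worth a look, not proof of C2 traffic).
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the hunt
        dst, dport = m["dst"], int(m["dport"])
        if dst not in c2:
            continue
        confidence = "high" if dport in c2[dst] else "medium"
        hits.append({"ts": m["ts"], "src": m["src"], "dst": dst,
                     "dport": dport, "confidence": confidence})
    return hits


def summarize(hits: List[dict]) -> Dict[str, List[dict]]:
    """Group hits by source host so a responder sees which endpoints talked to the C2."""
    by_src: Dict[str, List[dict]] = {}
    for h in hits:
        by_src.setdefault(h["src"], []).append(h)
    return by_src


if __name__ == "__main__":
    for src, src_hits in summarize(hunt(SAMPLE_LOG, parse_c2(EXTRACTED_C2))).items():
        print(src, [(h["ts"], h["dport"], h["confidence"]) for h in src_hits])
```

Feed `hunt` the exported connection log of your own format after adjusting `LINE_RE`; the grouping by source host is what you need to scope which machines require RedLine credential-theft follow-up.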

Targets

    • Target

      3792f24bb214aace5fa9b8ddd4d67b2e327e3f0f92296f11eb76e5d5732c1870

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
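The behaviours listed above (Defender real-time protection tampering, a dropped executable, a Run-key persistence entry) map to a short host triage. The following is an added example, not tooling from the report or the sandbox vendor: it assesses a registry snapshot for those artifacts. The snapshot format (`{"HIVE\\key": {value_name: data}}`), the specific Defender value names, the suspicious-path fragments and the sample snapshot are all assumptions for the example; the report does not state which values this sample changed or what Run-key name it used.

```python
import sys
from typing import Dict, List, Tuple

# Assumed snapshot format: {"HIVE\\key path": {value_name: data}}.
# Defender real-time protection switches commonly flipped by AV-disabler droppers.
# The page does not say which of these the sample touched; this is the assumed check set.
DEFENDER_RTP_KEYS = [
    r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
]
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEYS = [
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
]
# Heuristic (assumption): Run entries launching from user-writable drop locations.
SUSPICIOUS_PATH_FRAGMENTS = ("\\temp\\", "\\users\\public\\", "\\programdata\\")

# Constructed snapshot resembling a host after the behaviours above; not data from the page.
SAMPLE_SNAPSHOT = {
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection": {
        "DisableRealtimeMonitoring": 1,
        "DisableBehaviorMonitoring": 1,
    },
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": {
        "OneDrive": r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
        "Updater": r"C:\Users\user\AppData\Local\Temp\1234\update.exe",
    },
}


def defender_tampering(snapshot: Dict[str, Dict[str, object]]) -> List[str]:
    """List Defender real-time protection values that are set to 1 (disabled)."""
    findings = []
    for key in DEFENDER_RTP_KEYS:
        for name, data in snapshot.get(key, {}).items():
            if name in DEFENDER_RTP_VALUES and data == 1:
                findings.append(f"{key}\\{name} = 1")
    return findings


def suspicious_run_entries(snapshot: Dict[str, Dict[str, object]]) -> List[Tuple[str, str, str]]:
    """Return (key, value name, command) for Run entries pointing into drop directories."""
    findings = []
    for key in RUN_KEYS:
        for name, cmd in snapshot.get(key, {}).items():
            low = str(cmd).lower()
            if any(frag in low for frag in SUSPICIOUS_PATH_FRAGMENTS):
                findings.append((key, name, str(cmd)))
    return findings


def collect_live_snapshot() -> Dict[str, Dict[str, object]]:
    """Read the same keys from the local registry (Windows only, via winreg)."""
    if sys.platform != "win32":
        raise RuntimeError("live collection requires Windows")
    import winreg  # imported lazily so the assessment functions run on any OS
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    snap: Dict[str, Dict[str, object]] = {}
    for full in DEFENDER_RTP_KEYS + RUN_KEYS:
        hive_name, _, subkey = full.partition("\\")
        try:
            with winreg.OpenKey(hives[hive_name], subkey) as k:
                values: Dict[str, object] = {}
                index = 0
                while True:
                    try:
                        name, data, _ = winreg.EnumValue(k, index)
                    except OSError:
                        break  # no more values under this key
                    values[name] = data
                    index += 1
                snap[full] = values
        except OSError:
            continue  # key absent: nothing to report for it
    return snap


if __name__ == "__main__":
    snap = collect_live_snapshot() if sys.platform == "win32" else SAMPLE_SNAPSHOT
    print("Defender tampering:", defender_tampering(snap))
    print("Suspicious Run entries:", suspicious_run_entries(snap))
```

On a suspect host the live path reads the registry directly; off-host, point the same two assessment functions at a snapshot exported from the image. A hit in `defender_tampering` should be treated as confirmation that the Healer stage ran before the RedLine payload, so the credential-theft scope starts from that point in time.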

MITRE ATT&CK Enterprise v15

Tasks