General

  • Target: cbbb535be7cab71e14d7bba40b6d2c852d59080ae9b890235820a8be13ab1df0
  • Size: 479KB
  • Sample: 241109-gzfxpazann
  • MD5: 70e4b6cc5c454b37fd6692f0ee31785a
  • SHA1: 55c1da440587a9add5282952fff939ae198f72fc
  • SHA256: cbbb535be7cab71e14d7bba40b6d2c852d59080ae9b890235820a8be13ab1df0
  • SHA512: af5a76b3ea4c98afa15014909315c630664ec40de5a14b5e6d1239637382dd2820623271920b69cb77cc6b958d9b773d5af007f97cf73d860085e2d29a7858fb
  • SSDEEP: 12288:WMrJy90/QdwNnomFkT0OuvGB6cFqs/AxpP:nyQWT0IFqks

Malware Config

Extracted

  • Family: redline
  • Botnet: murka
  • C2: 217.196.96.101:4132
  • Attributes
    • auth_value: 878a0681ac6ad0e4eb10ef9db07abdd9

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
