General

  • Target

    af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af

  • Size

    992KB

  • Sample

    241109-mj8wessglm

  • MD5

    2f280b4c082ba518ebd79169d6aa5f45

  • SHA1

    ee9447815121880852ce31b06f5c45376ddf9a80

  • SHA256

    af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af

  • SHA512

    04a2eb8aede4b58f425f83514c10090d595e0131079971d98b57f7abbd260ef455bfed23484e1ebd522a8da32e10248ab43870bd4afb659e24570e29ca7de1dd

  • SSDEEP

    24576:AylTofCapAwY04kgWJTeboTRqWeShVm4:H6OWJeboZ

Malware Config

Extracted

Family

redline

Botnet

mixer

C2

185.161.248.75:4132

Attributes
  • auth_value

    3668eba4f0cb1021a9e9ed55e76ed85e

Targets

    • Target

      af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af

    • Size

      992KB

    • MD5

      2f280b4c082ba518ebd79169d6aa5f45

    • SHA1

      ee9447815121880852ce31b06f5c45376ddf9a80

    • SHA256

      af41b69d3987d0e0c28d57034dbba4e9302b9d88acd4b1f9f902e3ad767919af

    • SHA512

      04a2eb8aede4b58f425f83514c10090d595e0131079971d98b57f7abbd260ef455bfed23484e1ebd522a8da32e10248ab43870bd4afb659e24570e29ca7de1dd

    • SSDEEP

      24576:AylTofCapAwY04kgWJTeboTRqWeShVm4:H6OWJeboZ

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks