General

  • Target

    ae2c805c1db9faf877ccdae3c7791dd18fb76da342e4f0d5f524bca6012f4e5a

  • Size

    551KB

  • Sample

    241109-x16shatjfm

  • MD5

    fdefb84144708fbd68f79cccce98c7ba

  • SHA1

    0f56fdadafcdf22618c9eb15cb83f595134f31a6

  • SHA256

    ae2c805c1db9faf877ccdae3c7791dd18fb76da342e4f0d5f524bca6012f4e5a

  • SHA512

    e343b0903e18ea7171908efcecae25bf4ed60539161c06ff4f325e351ec95b844976d8bef600634a964d338dffad19edc880905a9d303aed4f335a1426740f3f

  • SSDEEP

    12288:zMruy90973LhVfhNN2W/25fX0luEd9wLqzdUPAb8zbn54Oo8U/X:xy23lVfMCk0damSg8h4Ooh/X

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes

  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks