General

  • Target

    84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a

  • Size

    479KB

  • Sample

    241109-x29wjs1ajj

  • MD5

    27f883b44e9b074d18c0992bdedcbb5b

  • SHA1

    882c19e7086c59665477a13ba778af01c68132c0

  • SHA256

    84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a

  • SHA512

    dd3092b66717cc5ba5988b99f725c08bcc4c95852dee0823ea198b70faa78143f5ee727086cc77b783a378c1434b26c7cb961347e0d26b82fd29a2d1e24c0547

  • SSDEEP

    12288:LMrmy90Cm/6GQkOYBc/9a3WcbeVAq1GwqB99Zqu9GmHdaXrbZoy:NyfwQJic/03dbeN1Gtb97kl

Malware Config

Extracted

Family

redline

Botnet

dippo

C2

217.196.96.102:4132

Attributes
  • auth_value

    79490ff628fd6af3b29170c3c163874b
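The extracted config and the file hashes above are the indicators a responder would sweep for. The script below is an added example, not part of the sandbox report: it takes the hashes and the C2 endpoint from this report and matches them against Sysmon-style process-create (EventID 1, Hashes=) and network-connect (EventID 3, DestinationIp=/DestinationPort=) events. The event lines are constructed for illustration; the field layout is assumed to follow Sysmon's key=value convention.

```python
"""Match the indicators extracted above against Sysmon-style telemetry.

Added example (not part of the sandbox report). The event lines are
constructed for illustration and follow Sysmon's key=value field layout
for EventID 1 (process create, Hashes=) and EventID 3 (network connect,
DestinationIp= / DestinationPort=).
"""
import re
from typing import Dict, List

# Indicators taken from the report.
IOC_HASHES = {
    "md5": "27f883b44e9b074d18c0992bdedcbb5b",
    "sha1": "882c19e7086c59665477a13ba778af01c68132c0",
    "sha256": "84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a",
}
IOC_C2_IP, IOC_C2_PORT = "217.196.96.102", 4132

# Constructed sample events, not real telemetry. Sysmon emits hashes in
# upper case, so matching has to normalise case.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\victim\AppData\Local\Temp\setup.exe "
    r"Hashes=MD5=27F883B44E9B074D18C0992BDEDCBB5B,"
    r"SHA256=84A593F8AAC2B27931C785D712A7DAA78E837F6EFD5A5C6F5CA6BCB86BCDAC3A",
    r"EventID=3 Image=C:\Users\victim\AppData\Local\Temp\setup.exe "
    r"DestinationIp=217.196.96.102 DestinationPort=4132 Protocol=tcp",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe "
    r"DestinationIp=93.184.216.34 DestinationPort=443 Protocol=tcp",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe "
    r"Hashes=MD5=00000000000000000000000000000000",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe "
    r"DestinationIp=217.196.96.102 DestinationPort=80 Protocol=tcp",
]

# key=value pairs; a value runs until the next " key=" token, so paths with
# spaces and the comma-separated Hashes= field survive intact.
_FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one Sysmon-style line into a field dict."""
    return dict(_FIELD.findall(line))


def match_event(event: Dict[str, str]) -> List[str]:
    """Return the indicator hits for one parsed event (empty list if clean)."""
    hits: List[str] = []
    if event.get("EventID") == "1":
        for part in event.get("Hashes", "").split(","):
            algo, _, digest = part.partition("=")
            if IOC_HASHES.get(algo.lower()) == digest.lower():
                hits.append(f"{algo.lower()} matches the RedLine/Healer sample")
    elif event.get("EventID") == "3":
        ip = event.get("DestinationIp")
        port = int(event.get("DestinationPort", "0"))
        if ip == IOC_C2_IP and port == IOC_C2_PORT:
            hits.append(f"connection to RedLine C2 {ip}:{port}")
        elif ip == IOC_C2_IP:
            # Same host, different port: lower confidence, still worth a look.
            hits.append(f"connection to RedLine C2 host {ip} on port {port}")
    return hits


def scan(lines: List[str]) -> List[Dict[str, object]]:
    """Run every line through the matcher and keep only the ones that hit."""
    findings = []
    for line in lines:
        event = parse_event(line)
        hits = match_event(event)
        if hits:
            findings.append({"image": event.get("Image"), "hits": hits})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["image"], "->", "; ".join(f["hits"]))
```

The hash match is the high-confidence signal; the IP-and-port match ties a connection to the extracted C2 config, while an IP-only hit is reported separately because the host may serve unrelated traffic and should be triaged, not blocked blindly.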

Targets

    • Target

      84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a

    • Size

      479KB

    • MD5

      27f883b44e9b074d18c0992bdedcbb5b

    • SHA1

      882c19e7086c59665477a13ba778af01c68132c0

    • SHA256

      84a593f8aac2b27931c785d712a7daa78e837f6efd5a5c6f5ca6bcb86bcdac3a

    • SHA512

      dd3092b66717cc5ba5988b99f725c08bcc4c95852dee0823ea198b70faa78143f5ee727086cc77b783a378c1434b26c7cb961347e0d26b82fd29a2d1e24c0547

    • SSDEEP

      12288:LMrmy90Cm/6GQkOYBc/9a3WcbeVAq1GwqB99Zqu9GmHdaXrbZoy:NyfwQJic/03dbeN1Gtb97kl

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
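Two of the signatures above, the Windows Defender real-time protection modification and the Run key persistence, leave traces in the registry that can be audited from a plain `reg export`. The script below is an added example, not part of the sandbox report and not the sandbox's own detection logic. It parses a constructed .reg export and flags Defender real-time protection policy values that are switched on and Run entries that point into user-writable locations. The report does not name the specific value names the sample writes; the policy key and the Disable* value names used here are the standard Defender policy locations and are an assumption about where this family's changes land, and the user-writable path heuristic is the author's, not the sandbox's.

```python
"""Audit a .reg export for Defender real-time protection tampering and
Run-key persistence.

Added example, not part of the sandbox report. The export below is
constructed for illustration; the Defender policy key and Disable* value
names are the standard policy locations and are assumed, not taken from
the report. The user-writable path heuristic is likewise an assumption.
"""
import re
from typing import Dict, List, Tuple

# Constructed .reg export (not real data). .reg escapes backslashes as \\.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001
"DisableIOAVProtection"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svc\\updater.exe"
'''

# Registry key names are case-insensitive, so everything is compared lower-cased.
DEFENDER_RTP_KEY = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
).lower()
RUN_KEYS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".lower(),
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".lower(),
]
# Heuristic (assumption): autoruns launched from these locations deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key (lower-cased): {value_name: raw_data}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2)
    return keys


def decode_string(raw: str) -> str:
    """Turn a .reg REG_SZ literal (quoted, with \\ and \" escapes) into its value."""
    if raw.startswith('"') and raw.endswith('"'):
        raw = raw[1:-1]
    return re.sub(r"\\(.)", r"\1", raw)


def audit(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings for the two behaviours."""
    keys = parse_reg(text)
    findings: List[Tuple[str, str]] = []
    # Any Disable* policy under Real-Time Protection set to 1 turns a layer off.
    for name, raw in keys.get(DEFENDER_RTP_KEY, {}).items():
        if name.lower().startswith("disable") and raw.lower() == "dword:00000001":
            findings.append(("high", f"Defender real-time protection policy {name} is set"))
    # Every Run entry is reported; ones launched from user-writable paths rank higher.
    for key in RUN_KEYS:
        for name, raw in keys.get(key, {}).items():
            cmd = decode_string(raw)
            sev = "medium" if any(p in cmd.lower() for p in USER_WRITABLE) else "info"
            findings.append((sev, f"Run entry {name!r} -> {cmd}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_REG):
        print(f"[{severity}] {message}")
```

On a live host the same export is produced with `reg export "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" defender.reg` and `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run run.reg`; a value of `dword:00000000` is reported as clean because the policy exists but does not disable anything.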

MITRE ATT&CK Enterprise v15

Tasks