General

  • Target

    27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b

  • Size

    545KB

  • Sample

    241109-x2mq1stjgm

  • MD5

    fad538d0a8454d700fc7772403db054a

  • SHA1

    462429986c93d0d9952332d90caea710851a94e6

  • SHA256

    27ee8a147924606fe9e69a00919f9a334f87bd66a5a25eed3e30a7a9c0d4674b

  • SHA512

    f9fa77673164a48110879cf17263da9d721c0230e9c58090e7461ddc971bf5d66651e8f16db9b85f8d1f818b386362d8aadfde928a633e2b742378a63d992340

  • SSDEEP

    12288:rMrgy90Z8/gxm/DRCU1ujPgJmMFXaWtLFmd8CZ:zyn/gxmovj4TltLFm1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    stek

  • C2

    melevv.eu:4162

  • Attributes

    auth_value: 4205381daf6946b2df5fe3bc7eacc918

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks