General

  • Target

    bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b

  • Size

    1.5MB

  • Sample

    241109-x63yss1ame

  • MD5

    05674de10c9fa37dcb7a356647269426

  • SHA1

    7774bd25546a27492227e94c8433a0998348eac3

  • SHA256

    bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b

  • SHA512

    a6b585912c244745f5ee6e940a19748c7137a2026827bda928bc04f57a9906c3dd31469069f793b5957860cb216ee3666f5032308888c521aecf98241e74e73f

  • SSDEEP

    24576:OyMb9vGRkOv0G68fwKgiqoOP/i+TmGO7WgtaD7lA99hojPRjnz4ev1U1cIfc14Ay:d8UGGTltqN3bTMjwDpA94Px5tU104A

Malware Config

Extracted

Family

redline

Botnet

max

C2

185.161.248.73:4164

Attributes
  • auth_value

    efb1499709a5d08ed1ddf71cff71211f

Targets

    • Target

      bd88228d6d3b628f0af40cea11a31f87c87751a37745d0e04eb688ee9a4dca2b


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks