General

  • Target: 104ec2f469933bcd093db07275f22f981c2770dae55a9b0b71c546bd5d55ab2f

  • Size: 480KB

  • Sample: 241109-xr4a1ssran

  • MD5: 5a41f151a62dc50a6d84230cfb082d5f

  • SHA1: 7fb19a32ab54755c917405787a4adc75177a8d74

  • SHA256: 104ec2f469933bcd093db07275f22f981c2770dae55a9b0b71c546bd5d55ab2f

  • SHA512: 0986cc4dcf94161c2deb80963fde5827ab391e5533f127c3b57cf60d464f6e2bb679a258ab71774b0df2e3ea2ea44be1a0672ab32d223707430d20d1d1fbe6a4

  • SSDEEP: 12288:xMrHy90Pi7+HxDY6vRO2YziyAStIudWQXq:Oy0i7+JYIRezZxtq

Malware Config

Extracted

  • Family: redline

  • Botnet: misfa

  • C2: 217.196.96.101:4132

  • Attributes
    • auth_value: be2e6d9f1a5e54a81340947b20e561c1

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks