General

  • Target

    6b7f7877cc399ea36698515ca02140ae232d92051dd4288e02ff9bf38853b514

  • Size

    1.4MB

  • Sample

    241109-y6j2cstrdl

  • MD5

    fb63e88c2882b510fd10ead70fc3b0e7

  • SHA1

    a845d1495f1a174163c0261723d93a7ff7505dcf

  • SHA256

    6b7f7877cc399ea36698515ca02140ae232d92051dd4288e02ff9bf38853b514

  • SHA512

    a9356a3978c031effad99d63d975a9e7faaee07487906ac09a02bd7172506c243d77e0b53faa79dc3fcf9787cb7016f8d758c57a2736a206e6ac70987dfc62b3

  • SSDEEP

    24576:Ly7b0rK22Q+o1iWFM0s5EqTov0qn+3pVJYP2IDiP6OzhyhLdxxHEw31/T2x/Op9:+7b0m22Lob2g0I+33+DiP60yh5xxHEwF

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes

  • auth_value

    31aef25be0febb8e491794ef7f502c50

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks