General

  • Target

    01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe

  • Size

    1.5MB

  • Sample

    241110-a41pbswbkq

  • MD5

    c090c89124b65741d837d24aa946e726

  • SHA1

    ea0b4a9618beedb45488c0ebce1f8b53ee086b59

  • SHA256

    01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe

  • SHA512

    5b6f12c099bb0dac51528044b2c3fa9169d07d7a31ab73a6e4720ae71567677b18dc356f4114eee99e720da528b878ac1cc9d813313a9b833d802b04bc946f23

  • SSDEEP

    24576:mybILpofP1eMI0q7ll1qhiR7ngX9h/bSGLndWRy5mC7jJBhS6cQNbotcXFO7gFVW:1bQifP1BqhlqDdmsvfjhv7IcV2Fp

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes
  • auth_value

    3d2870537d84a4c6d7aeecd002871c51

Targets

    • Target

      01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe

    • Size

      1.5MB

    • MD5

      c090c89124b65741d837d24aa946e726

    • SHA1

      ea0b4a9618beedb45488c0ebce1f8b53ee086b59

    • SHA256

      01ac52df0826dc5ba44831e4d5aaee73662a8b4119630878b004604765a898fe

    • SHA512

      5b6f12c099bb0dac51528044b2c3fa9169d07d7a31ab73a6e4720ae71567677b18dc356f4114eee99e720da528b878ac1cc9d813313a9b833d802b04bc946f23

    • SSDEEP

      24576:mybILpofP1eMI0q7ll1qhiR7ngX9h/bSGLndWRy5mC7jJBhS6cQNbotcXFO7gFVW:1bQifP1BqhlqDdmsvfjhv7IcV2Fp

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks