General

  • Target

    3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421

  • Size

    546KB

  • Sample

    241110-a56lzaymbr

  • MD5

    223698775c6213e5e08b60bb8f4b521f

  • SHA1

    c2a5685503ce6318150182e7823009f51e5a7888

  • SHA256

    3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421

  • SHA512

    d1cae6a22105ebd74c398c6371572403943eab8b23a94f3d41f5515df215c87ecac16026217f977080017a9d31dbe7f976da5087d0de0e98487abb0624317ffe

  • SSDEEP

    12288:TMrpy90KpmVHIju5CghUTHMQ9nyfmxLL+P8M9J2:OyWVHG6CgxZmNq8H

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes
  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Targets

    • Target

      3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421

    • Size

      546KB

    • MD5

      223698775c6213e5e08b60bb8f4b521f

    • SHA1

      c2a5685503ce6318150182e7823009f51e5a7888

    • SHA256

      3622ea50ee56c7ecdf9485930252235507969bf65388f0ac5aded57def748421

    • SHA512

      d1cae6a22105ebd74c398c6371572403943eab8b23a94f3d41f5515df215c87ecac16026217f977080017a9d31dbe7f976da5087d0de0e98487abb0624317ffe

    • SSDEEP

      12288:TMrpy90KpmVHIju5CghUTHMQ9nyfmxLL+P8M9J2:OyWVHG6CgxZmNq8H

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks