General

  • Target

    db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6

  • Size

    480KB

  • Sample

    241110-a5yalaymbm

  • MD5

    03d9639714f74b4ebea2c0e479256f3a

  • SHA1

    421fa1de8c66d80a275c565dfe4085762e573e48

  • SHA256

    db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6

  • SHA512

    b9ef9297404ae51ee41d3eac22a6f3feb984f683c7c62046a89e1bf040baa6602cbc9d35b2d90b8cb0dae5508fe02842a48a9d8c816441cff474303ae0cd931e

  • SSDEEP

    12288:jMrTy90hvgW5ViOPunNqmYyVvNRpz1wd:sya6YcNDj/wd

Malware Config

Extracted

Family

redline

Botnet

misar

C2

217.196.96.101:4132

Attributes
  • auth_value

    069dd9eeee8cff502b661416888f692a

Targets

    • Target

      db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6

    • Size

      480KB

    • MD5

      03d9639714f74b4ebea2c0e479256f3a

    • SHA1

      421fa1de8c66d80a275c565dfe4085762e573e48

    • SHA256

      db9219d75da53ab1468d533b43e5628085e72fe7a75586ea2d044c5d3b561ee6

    • SHA512

      b9ef9297404ae51ee41d3eac22a6f3feb984f683c7c62046a89e1bf040baa6602cbc9d35b2d90b8cb0dae5508fe02842a48a9d8c816441cff474303ae0cd931e

    • SSDEEP

      12288:jMrTy90hvgW5ViOPunNqmYyVvNRpz1wd:sya6YcNDj/wd

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks