General

  • Target

    224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12

  • Size

    489KB

  • Sample

    241110-a6sfqswcmc

  • MD5

    f3cd9829333a3ba2fac730636df6b3d6

  • SHA1

    8b110975e4cb48e30f4b7c1ab6f0e716b35ac221

  • SHA256

    224d8a02f5f56cb06523399c067b603734af82b8e35f39a760ceb75c05532d12

  • SHA512

    89943f9336fdbce0f490fc352349550a6ec9735c5fd1a754a12eb6fd4412caac644c8841c718b48b50d6310fb9c7361a286e0460307c585a9d0ad700c7668401

  • SSDEEP

    12288:FMrIy90Vnqk0/pUR6hO2K+WgFcerp2/jVqBbn64YRuT:NyK8eCNY7Vy6PUT

Malware Config

Extracted

Family

redline

Botnet

lulsa

C2

217.196.96.101:4132

Attributes

  • auth_value

    2bb8e3870ce0ad119d2840b124222121

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
