General

  • Target

    c5b634c1430e8699a6f0b3483d4a46e6b6589b36f7dde29f383656bdea8930d9

  • Size

    480KB

  • Sample

    241110-aqp1nsvkc1

  • MD5

    886d8d0d9ca278b319b358e188cf7b03

  • SHA1

    abc27901e20fbb9eb3c9a383ff16456ceb2a2bf6

  • SHA256

    c5b634c1430e8699a6f0b3483d4a46e6b6589b36f7dde29f383656bdea8930d9

  • SHA512

    0806f78b4e31438cf136c1528ccd3861f77e87dec4282b37d98d5e859a1adbc5508143358761b1cf4bad7acc6e166e6eb20b7ee4b8d42aa4c4b46dc095042d44

  • SSDEEP

    6144:Kky+bnr+yp0yN90QErTC4g/+6rkReWEUXctuTP8ULLX/wRaB1cklm6yhlHy2fWqF:sMrGy90c+nDMw6u1FV+bF1ho2NF

Malware Config

Extracted

Family

redline

Botnet

dease

C2

217.196.96.101:4132

Attributes

  • auth_value

    82e4d5f9abc21848e0345118814a4e6c

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks