General

  • Target

    25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423

  • Size

    1.5MB

  • Sample

    241110-at32psykem

  • MD5

    791de287b178ed750401c484f3f4c257

  • SHA1

    dc45a8647a0940eac6299c02b32f9f075c0f6780

  • SHA256

    25cac4ce801962521dbb6b7e4177763c6ceb23d29237ef463309113bc4cdc423

  • SHA512

    773cb29f4a5b5f940d0a97908a7803e69a1924a1fcc044f03213714cd0bc75db7cd556f7b14ec1c2696ccf54c06d3f9d5a6f392bfa9fff0ed1ae9821f18ce9b2

  • SSDEEP

    24576:Ny175C0TSmP4SpcwrqmrFE3RTkWGXrvIQCyIYdry7Cyfo3UA7YOZY58:oN5ZTTP4+zrKkl7AQCyIYByxO7fZ

Malware Config

Extracted

Family

redline

Botnet

mazda

C2

217.196.96.56:4138

Attributes
  • auth_value

    3d2870537d84a4c6d7aeecd002871c51

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks