General

  • Target: 3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398
  • Size: 479KB
  • Sample: 241110-awtwtaykhj
  • MD5: 3c74e805b59807f44b8ccbbf0404af38
  • SHA1: cbe7bd9a4e021f854742d5c5458e1f099c205ecf
  • SHA256: 3e3846ae8134272edf6a18e798f372fd66389dffb9c03410221a3cbd31b8a398
  • SHA512: 1f45f1907df5c7ed20ab2d91e127b1a23f8a2ca74d1266482e0ea23c2e71d9304bc867c8be247b0b1b7d21cfd2ba0d8dea0fe6cc8b98c79efa71a70bfb358c39
  • SSDEEP: 12288:pMryy90evXJvKbiixTnQE8I2n+TTIRnh:jy7vQiat89n+T8Rh

Malware Config

Extracted

  • Family: redline
  • Botnet: dona
  • C2: 217.196.96.101:4132
  • Attributes
    • auth_value: 9fbb198992bbc83a84ab1f21384813e3

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
