General

  • Target

    74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5

  • Size

    480KB

  • Sample

    241110-b2b4mawke1

  • MD5

    0a692d4581365ccded67dfc64fe26d91

  • SHA1

    8862bc3af1da40110eb628e0e3f935cfa615dc8a

  • SHA256

    74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5

  • SHA512

    b11bb1e468f8a762e70d3d238e604b28cc88b70c4d2da09546cb51fc3b4df0c15ea3addd3cbc76af92b91ec701197a8ae29978d714a56657e3f0e1c117ac46fd

  • SSDEEP

    12288:8Mrvy90HpnFEENQZuTmGruaCcer/qYFPANF2Qnaj:byMuZuMUeWYu8o8

Malware Config

Extracted

Family

redline

Botnet

mihan

C2

217.196.96.101:4132

Attributes
  • auth_value

    9a6a8fdae02ed7caa0a49a6ddc6d4520

Targets

    • Target

      74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5

    • Size

      480KB

    • MD5

      0a692d4581365ccded67dfc64fe26d91

    • SHA1

      8862bc3af1da40110eb628e0e3f935cfa615dc8a

    • SHA256

      74bb323d4706c651e15ff471bd498849150c0b0d255e7590cba3021e267ec6c5

    • SHA512

      b11bb1e468f8a762e70d3d238e604b28cc88b70c4d2da09546cb51fc3b4df0c15ea3addd3cbc76af92b91ec701197a8ae29978d714a56657e3f0e1c117ac46fd

    • SSDEEP

      12288:8Mrvy90HpnFEENQZuTmGruaCcer/qYFPANF2Qnaj:byMuZuMUeWYu8o8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks