General

  • Target

    919aa89ea3b5d1722aedb72f87f841230fcda9f7f1855a68e7ce81ad16fb1135

  • Size

    689KB

  • Sample

    241110-b32qnsxand

  • MD5

    017cba7d9274776c9ea2e379d6e69887

  • SHA1

    dc8109e9d8a80201804962de6013bbf28f4bd94e

  • SHA256

    919aa89ea3b5d1722aedb72f87f841230fcda9f7f1855a68e7ce81ad16fb1135

  • SHA512

    7da82f3535f562e9e4114a988094de7fc13b94d7f09ab5de3cd03e22486cbd889d0c94269b13307f06e1c9cabd464c1277c4db9864bc6ef3bdc7bcba0321aca2

  • SSDEEP

    12288:mMr9y90BzulHQA0evIexDaTYPCajvvx7fheL4+a5DQw4WsCA4KUof8:jyKKP0evMT8fjvv5ks+aQ5VCAFUs8

Malware Config

Extracted

Family

redline

Botnet

stek

C2

melevv.eu:4162

Attributes
  • auth_value

    4205381daf6946b2df5fe3bc7eacc918

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks