General

  • Target

    1288647ac8dea85b6aecae611c77b261c1d9db75c64f9473e3140edfe7972e46

  • Size

    479KB

  • Sample

    241110-bs6lwawjax

  • MD5

    7fdef5be4b44d6385b670bec09cef4f3

  • SHA1

    ef12bc96a16a13449c161515edd59c9285e6bb97

  • SHA256

    1288647ac8dea85b6aecae611c77b261c1d9db75c64f9473e3140edfe7972e46

  • SHA512

    68464d7cea5ec8dd6b7edbb3f56e6ac6a1911d5d886183960622c39b5c0eaf3d9fe6641a9c011301596162a4cd36ea9ac254f19f17db51482c21b05a3c25384b

  • SSDEEP

    12288:kMryy90AzPWi00IMN5yJiBcV+sapjBbnFLrunj1:WyjWAI480GPapjBRLrg

Malware Config

Extracted

Family

redline

Botnet

dona

C2

217.196.96.101:4132

Attributes

  • auth_value

    9fbb198992bbc83a84ab1f21384813e3

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper: it tampers with Windows Defender settings before dropping and executing its payload.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
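
The signatures above describe four things a defender can hunt for on other hosts: a file whose digests match the sample, outbound traffic to the C2 endpoint in the extracted config, the Windows Defender real-time protection policy being switched off, and a Run-key entry for persistence. The Python below is an added example written for this report, not part of the sandbox output or of any tool it references. The hashes and C2 address are copied from the report; the firewall log lines and registry writes it scans are constructed and the log line format is assumed; the value names under the Defender Real-Time Protection policy key are the standard policy names.

```python
"""Hunting checks built from the indicators in this report (added example)."""
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "7fdef5be4b44d6385b670bec09cef4f3",
    "sha1": "ef12bc96a16a13449c161515edd59c9285e6bb97",
    "sha256": "1288647ac8dea85b6aecae611c77b261c1d9db75c64f9473e3140edfe7972e46",
    "sha512": "68464d7cea5ec8dd6b7edbb3f56e6ac6a1911d5d886183960622c39b5c0eaf3d"
              "9fe6641a9c011301596162a4cd36ea9ac254f19f17db51482c21b05a3c25384b",
}
C2_HOST, C2_PORT = "217.196.96.101", 4132  # from the extracted RedLine config

# Policy key whose DWORD values, when set to 1, turn real-time protection off.
RTP_POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
RTP_DISABLE_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
}
RUN_KEYS = {
    r"hkcu\software\microsoft\windows\currentversion\run",
    r"hklm\software\microsoft\windows\currentversion\run",
}


def file_hashes(data: bytes) -> dict:
    """Digest a file's bytes with the same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(hashes: dict) -> list:
    """Return the algorithms whose digest equals the report's sample."""
    return [alg for alg, digest in SAMPLE_HASHES.items()
            if hashes.get(alg, "").lower() == digest]


# Assumed (constructed) firewall log format:
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
CONN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)

# Constructed sample lines; 203.0.113.10 is documentation space, not a real host.
SAMPLE_FIREWALL_LOG = [
    "2024-11-10T12:00:01Z 10.0.0.5:51234 -> 203.0.113.10:443 tcp",
    "2024-11-10T12:00:03Z 10.0.0.5:51240 -> 217.196.96.101:4132 tcp",
    "2024-11-10T12:00:09Z 10.0.0.7:51301 -> 217.196.96.101:4132 tcp",
    "2024-11-10T12:00:15Z 10.0.0.7:51310 -> 217.196.96.101:80 tcp",
]


def find_c2_connections(log_lines) -> list:
    """Flag every connection to the C2 host. The port is returned rather than
    filtered on, because a RedLine operator can move the listener while the
    host stays the same; the analyst can compare it with C2_PORT."""
    hits = []
    for line in log_lines:
        m = CONN_RE.match(line.strip())
        if m and m["dst"] == C2_HOST:
            hits.append((m["ts"], m["src"], int(m["dport"])))
    return hits


# Constructed registry writes in the (key, value_name, data) shape an EDR or
# sandbox would record them.
SAMPLE_REGISTRY_WRITES = [
    (RTP_POLICY_KEY, "DisableRealtimeMonitoring", 1),
    (RTP_POLICY_KEY, "DisableBehaviorMonitoring", 1),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "updater",
     r"C:\Users\Public\svc.exe"),                      # hypothetical path
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer", "ShellState", 0),
]


def defender_tamper_findings(registry_writes) -> list:
    """Map registry writes to the two signatures in the report: Defender
    real-time protection disabled, and Run-key persistence added."""
    findings = []
    for key, name, data in registry_writes:
        k = key.lower()
        if k == RTP_POLICY_KEY.lower() and name in RTP_DISABLE_VALUES and data == 1:
            findings.append(f"Defender real-time protection disabled via {name}")
        elif k in RUN_KEYS:
            findings.append(f"Run-key persistence: {name} -> {data}")
    return findings


if __name__ == "__main__":
    print("hash match:", matches_sample(SAMPLE_HASHES))
    print("C2 hits:", find_c2_connections(SAMPLE_FIREWALL_LOG))
    print("registry findings:", defender_tamper_findings(SAMPLE_REGISTRY_WRITES))
```

To use it against a real artefact, pass `open(path, "rb").read()` to `file_hashes` and the result to `matches_sample`; a match on any one algorithm identifies the sample, and a SHA256 match alone is sufficient. The SSDEEP value in the report is deliberately not compared here, since fuzzy matching needs the `ssdeep` library and a similarity threshold chosen per family.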

MITRE ATT&CK Enterprise v15

Tasks