General

  • Target

    0ad3fec3c07ad88a58d8a186cc5277a274f103cd0cf26589b6bac201ed4f22e5

  • Size

    491KB

  • Sample

    241110-bzefzazjfn

  • MD5

    d26298260a1d1d2a3ba85a19517f09b2

  • SHA1

    30370bcd42231a8d9044891787133220c22a344b

  • SHA256

    0ad3fec3c07ad88a58d8a186cc5277a274f103cd0cf26589b6bac201ed4f22e5

  • SHA512

    f7ff68d68d1dad4067b9276908b2662c8a05e39004a497b445b782614da3b5176e8cec2c6569d4d4561a03a8df88bafd494668c1c4180f9bbb765360c47c79a4

  • SSDEEP

    12288:OMrQy90w6xlf9u0baO8SJzHvJJnSQ8G4ALL2xCf3GWFM:ayA6OHzHvJJSQ8LALL2xCf3GWFM

Malware Config

Extracted

Family

redline

Botnet

lade

C2

217.196.96.101:4132

Attributes

  • auth_value

    6e597bb53b7858f1eaca3f569cb16e1e

Targets

    • Target

      0ad3fec3c07ad88a58d8a186cc5277a274f103cd0cf26589b6bac201ed4f22e5

    • Size

      491KB

    • MD5

      d26298260a1d1d2a3ba85a19517f09b2

    • SHA1

      30370bcd42231a8d9044891787133220c22a344b

    • SHA256

      0ad3fec3c07ad88a58d8a186cc5277a274f103cd0cf26589b6bac201ed4f22e5

    • SHA512

      f7ff68d68d1dad4067b9276908b2662c8a05e39004a497b445b782614da3b5176e8cec2c6569d4d4561a03a8df88bafd494668c1c4180f9bbb765360c47c79a4

    • SSDEEP

      12288:OMrQy90w6xlf9u0baO8SJzHvJJnSQ8G4ALL2xCf3GWFM:ayA6OHzHvJJSQ8LALL2xCf3GWFM

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks