General

  • Target

    552629e990d6f7fe390ee38bc1fdcd0dc84f762829beb4bd3c424dcdb72678da

  • Size

    479KB

  • Sample

    241110-d14tcsyjas

  • MD5

    5b45687c3b081a613b7a27cfa08c0946

  • SHA1

    ba25f734e1fda5b7eb91e7403a708b7b18c07b27

  • SHA256

    552629e990d6f7fe390ee38bc1fdcd0dc84f762829beb4bd3c424dcdb72678da

  • SHA512

    628446b332baafe14e8c775aefe809a4e67ca753f04a546c40aa91786bdb7d87906788427ac2d8482d3e8ec54aa2d73bfac8d0582ebdd0d5c3a962a02b2adc11

  • SSDEEP

    12288:uMrJy90AXx0cdliYoz9L0Ms2wVxwzYZH:Hyx5dHoGqwVxwC

Malware Config

Extracted

Family

redline

Botnet

maxud

C2

217.196.96.101:4132

Attributes
  • auth_value

    f1403d964c52b6641ba1ef14803e6e74

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
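
The extracted config and the signature list above are the report's actionable output: a C2 endpoint, the sample's hashes, a Defender real-time protection change and a Run-key persistence entry. The script below is an added example (not part of the sandbox report) that turns those four items into detection logic and runs it over constructed Sysmon-style events. The C2 address and SHA256 are copied from the report; the Defender policy key and its Disable* value names are Microsoft's documented registry locations; the newline-delimited JSON event shape, the field names (modelled on Sysmon Event IDs 1, 3 and 13) and every path, SID and process name in the sample events are assumptions made for illustration.

```python
import json
import re

# IOCs copied from the report: extracted RedLine C2 and the sample's SHA256.
C2_IP = "217.196.96.101"
C2_PORT = 4132
SAMPLE_SHA256 = "552629e990d6f7fe390ee38bc1fdcd0dc84f762829beb4bd3c424dcdb72678da"

# Registry locations behind two of the report's signatures. The Defender policy
# key and the Disable* value names are Microsoft's documented names; writing
# DWORD 1 there switches the corresponding protection off.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
# Any Run / RunOnce value under a user or machine hive.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\",
                        re.IGNORECASE)


def triage_event(ev):
    """Return the rule names one event triggers (empty list if nothing matched)."""
    hits = []
    eid = ev.get("EventID")
    if eid == 1:  # process create; Hashes is "MD5=...,SHA256=..." as Sysmon renders it
        parts = (p.split("=", 1) for p in ev.get("Hashes", "").split(",") if "=" in p)
        hashes = {k: v for k, v in parts}
        if hashes.get("SHA256", "").lower() == SAMPLE_SHA256:
            hits.append("known_redline_sample_executed")
    elif eid == 3:  # network connection
        if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
            hits.append("redline_c2_connection")
    elif eid == 13:  # registry value set
        target = ev.get("TargetObject", "")
        key, _, value_name = target.rpartition("\\")
        if (key.lower() == DEFENDER_RTP_KEY.lower()
                and value_name in DEFENDER_DISABLE_VALUES
                and ev.get("Details") == "DWORD (0x00000001)"):
            hits.append("defender_realtime_protection_disabled")
        elif RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
    return hits


def triage_log(text):
    """Parse newline-delimited JSON events; return (rule, image, evidence) tuples."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        evidence = ev.get("TargetObject") or ev.get("DestinationIp") or ev.get("Hashes", "")
        for rule in triage_event(ev):
            findings.append((rule, ev.get("Image", "?"), evidence))
    return findings


# Constructed events for illustration; paths, SID and process name are invented.
_IMAGE = r"C:\Users\victim\AppData\Local\Temp\setup.exe"
_EVENTS = [
    {"EventID": 1, "Image": _IMAGE,
     "Hashes": "MD5=5b45687c3b081a613b7a27cfa08c0946,SHA256=" + SAMPLE_SHA256},
    {"EventID": 3, "Image": _IMAGE, "DestinationIp": "217.196.96.101", "DestinationPort": 4132},
    {"EventID": 13, "Image": _IMAGE, "Details": "DWORD (0x00000001)",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring"},
    {"EventID": 13, "Image": _IMAGE,
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\upd.exe"},
    # Benign noise: DNS lookup and an admin re-enabling real-time monitoring.
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "8.8.8.8", "DestinationPort": 53},
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe", "Details": "DWORD (0x00000000)",
     "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring"},
]
SAMPLE_LOG = "\n".join(json.dumps(e) for e in _EVENTS)

if __name__ == "__main__":
    for rule, image, evidence in triage_log(SAMPLE_LOG):
        print(f"{rule:40s} {image}  <-  {evidence}")
```

Running the block on the constructed log raises four findings, one per IOC, and nothing on the two benign events; the Defender rule deliberately ignores a DWORD 0 write so that re-enabling protection does not alert. On real telemetry the hash rule is the most brittle (a repacked build changes the SHA256 while the C2 and the registry behaviour usually survive), which is why the config-derived network rule and the behavioural registry rules are worth more than the file hashes.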

MITRE ATT&CK Enterprise v15

Tasks