General

  • Target

    23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf

  • Size

    550KB

  • Sample

    241110-d6ndkaygkh

  • MD5

    08f82a2a7624d2b636d356f21ca92bb1

  • SHA1

    eff52f9c1c08eb8e3468518e5afb48d29f87ea0e

  • SHA256

    23b844de4ffac9a17750f17537a391c834da95a377102fd2c2caadc5c5a1d7cf

  • SHA512

    edb56ca37eac780a285c8f1f1b2de436fd428dc29d222d8455a2bfd8e2dcc970f5f30317315438f665f74ad7791b7a114e7d671c082cfca4cba9a1373bb471ed

  • SSDEEP

    12288:sMroy90W4KcV+lGPZ78X4yA4mtN8nVkhsQRth88lMGqpddeB:UyGKcAE9qmrSkhVvKGEs

Malware Config

Extracted

  • Family

    redline

  • Botnet

    stek

  • C2

    melevv.eu:4162

  • Attributes

    • auth_value

      4205381daf6946b2df5fe3bc7eacc918

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
