General

  • Target

    0edd92f99b8e37f70e51cbb215e88a88065ea0f690d0f0da9534bcb026eec3a0

  • Size

    479KB

  • Sample

    241110-dgc7asxndv

  • MD5

    79ea63ea2bec2be3e482c9b9f97e5519

  • SHA1

    3c2dc063a5249c058fb81f68e4871697d641b5cc

  • SHA256

    0edd92f99b8e37f70e51cbb215e88a88065ea0f690d0f0da9534bcb026eec3a0

  • SHA512

    c7a3307c041c76505284322a56102a42d493309c40b8160429acf5a070fed4abbc835035297c86427cce57572ad57ae8a82112c9cec4bd9165609f23ad640453

  • SSDEEP

    12288:UMrky90XspIMnGDOlaIozrf818J3pl+puFYzEeXre:4y1gRnVHKiYzhre

Malware Config

Extracted

  • Family

    redline

  • Botnet

    divan

  • C2

    217.196.96.102:4132

  • Attributes

    auth_value: b414986bebd7f5a3ec9aee0341b8e769

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15