General

  • Target

    cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9

  • Size

    480KB

  • Sample

    241110-dhj18sxnfz

  • MD5

    67a3bea81187f8774ec841aba03437a4

  • SHA1

    1a1e33c8145999b86a85d4df11be873aab98ee3a

  • SHA256

    cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9

  • SHA512

    57223e80a46ea69e3b62eee05d46df1a5915a040bc34343e46e8c34986fb8f85d79667644b80a06f3c9d99824419e8f412c38eca84e08f3856ae38fdf2f7552f

  • SSDEEP

    12288:zMrgy90B6gVZwJopiuaRNd50fVvx3U3wW0V:3yK6gZUvC5x3Ch0V

Malware Config

Extracted

Family

redline

Botnet

mihan

C2

217.196.96.101:4132

Attributes
  • auth_value

    9a6a8fdae02ed7caa0a49a6ddc6d4520
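
The extracted configuration above is the actionable part of this report for a defender: the C2 host:port can be hunted in network telemetry straight away. The script below is an added example (not part of the report, the sandbox or the RedLine family itself) that validates the C2 string, then sweeps a small set of constructed firewall-style log lines for traffic to it, flagging exact host:port matches separately from traffic to the same host on another port. The log lines, the "ts src -> dst:port proto" line shape and the function names are assumptions made for the example.

```python
import ipaddress
import re
from typing import Dict, List, Tuple

# Extracted configuration as listed in this report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "mihan",
    "c2": "217.196.96.101:4132",
    "auth_value": "9a6a8fdae02ed7caa0a49a6ddc6d4520",
}


def parse_c2(c2: str) -> Tuple[str, int]:
    """Split a host:port C2 string, validating the address and port range."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range: {port}")
    return host, port_num


# Constructed firewall/proxy log lines (not from the report). The last line is
# benign traffic and must not match; the third is the C2 host on another port.
SAMPLE_LOG = """\
2024-11-10T13:02:11Z 10.0.0.23 -> 217.196.96.101:4132 tcp
2024-11-10T13:02:12Z 10.0.0.23 -> 217.196.96.101:4132 tcp
2024-11-10T13:02:40Z 10.0.0.23 -> 217.196.96.101:443 tcp
2024-11-10T13:03:05Z 10.0.0.57 -> 142.250.74.78:443 tcp
"""

# Assumed log line shape: "<timestamp> <src> -> <dst>:<port> <proto>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>[^:\s]+):(?P<port>\d+) (?P<proto>\S+)$"
)


def find_c2_hits(log_text: str, config: Dict[str, str]) -> List[dict]:
    """Return records whose destination is the extracted C2 host.

    Exact host:port matches are labelled "c2_exact"; traffic to the same host
    on a different port is labelled "c2_host_other_port" so it is still surfaced
    (RedLine panels are sometimes reachable on more than one port).
    """
    host, port = parse_c2(config["c2"])
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed shape
        rec = m.groupdict()
        if rec["dst"] != host:
            continue
        rec["port"] = int(rec["port"])
        rec["match"] = "c2_exact" if rec["port"] == port else "c2_host_other_port"
        rec["botnet"] = config["botnet"]
        hits.append(rec)
    return hits


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG, REDLINE_CONFIG):
        print(f'{hit["ts"]} {hit["src"]} -> {hit["dst"]}:{hit["port"]} '
              f'[{hit["match"]}] botnet={hit["botnet"]}')
```

Swap `SAMPLE_LOG` for real export data and adjust `LINE_RE` to the log format in use; the C2 host, port and botnet tag come unchanged from the report's extracted config.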

Targets

    • Target

      cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9

    • Size

      480KB

    • MD5

      67a3bea81187f8774ec841aba03437a4

    • SHA1

      1a1e33c8145999b86a85d4df11be873aab98ee3a

    • SHA256

      cd7ed59b3b75897df407820388558d6b4e00cfa0d2ef86cd956054edc12345e9

    • SHA512

      57223e80a46ea69e3b62eee05d46df1a5915a040bc34343e46e8c34986fb8f85d79667644b80a06f3c9d99824419e8f412c38eca84e08f3856ae38fdf2f7552f

    • SSDEEP

      12288:zMrgy90B6gVZwJopiuaRNd50fVvx3U3wW0V:3yK6gZUvC5x3Ch0V

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
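
Two of the behaviours listed above, tampering with Windows Defender real-time protection and adding a Run key, leave registry writes that endpoint telemetry records. The following is an added example (not part of the report or the sandbox's own signatures) that classifies constructed registry-write events, shaped loosely like Sysmon Event ID 13 value-set records, against those two behaviours. The report names the behaviours but not the exact registry paths; the Defender policy key, the list of Defender disable values and the Run/RunOnce paths used here are the well-known locations and are assumptions for this example, as are the event records and function names.

```python
import re
from typing import Dict, List, Optional

# Well-known locations for the two behaviours (assumed; the report does not list paths).
DEFENDER_RTP_KEY = re.compile(
    r"\\Windows Defender\\Real-Time Protection$", re.IGNORECASE
)
DEFENDER_DISABLE_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.IGNORECASE
)

# Constructed registry-write events (not from the report); the third is benign.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"image": r"C:\Users\u\AppData\Local\Temp\healer.exe",
     "key": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection",
     "value": "DisableRealtimeMonitoring", "data": "1"},
    {"image": r"C:\Users\u\AppData\Roaming\svc.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\u\AppData\Roaming\svc.exe"},
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "key": r"HKCU\Software\Mozilla\Firefox",
     "value": "Version", "data": "131"},
]


def classify_registry_event(ev: Dict[str, str]) -> Optional[str]:
    """Return a behaviour label for one registry-write event, or None if benign."""
    key, value, data = ev["key"], ev["value"], ev["data"].strip()
    if DEFENDER_RTP_KEY.search(key):
        # A Defender disable value being set to 1 is the tamper we care about;
        # a write of 0 re-enables protection and is not flagged.
        if value.lower() in DEFENDER_DISABLE_VALUES and data == "1":
            return "defender_realtime_tamper"
        return None
    if RUN_KEY.search(key):
        # Any new Run/RunOnce value is persistence; the data is the launched command.
        return "run_key_persistence"
    return None


def triage_events(events: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group the writing process image by behaviour label across all events."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        label = classify_registry_event(ev)
        if label is not None:
            findings.setdefault(label, []).append(ev["image"])
    return findings


if __name__ == "__main__":
    for label, images in triage_events(SAMPLE_EVENTS).items():
        print(label)
        for image in images:
            print("   ", image)
```

The Defender check deliberately keys on the data being `1`: a write that sets the same value to `0` restores protection and would otherwise produce a false positive when an administrator reverts the change.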

MITRE ATT&CK Enterprise v15

Tasks