General

  • Target

    186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484

  • Size

    479KB

  • Sample

    241110-dmyp7aybmm

  • MD5

    386b12230f299deb9e040cbf3e24bf29

  • SHA1

    bea3f67e1fd9490a38c975baf2c30623df5898e8

  • SHA256

    186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484

  • SHA512

    178140ada5b05eb7d83b7d79bb902c678a2ee4a43eb0132fad35beaa8433c1aa1dca0fec061762596b274303556bdaef2e2e9a21f412c0b3727cacde6209f14c

  • SSDEEP

    12288:dMrSy90eUIJPVrmEAFQP70U5qitV8Z1nlD:by7UsmEnrtKD

Malware Config

Extracted

Family

redline

Botnet

dease

C2

217.196.96.101:4132

Attributes
  • auth_value

    82e4d5f9abc21848e0345118814a4e6c

Targets

    • Target

      186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484

    • Size

      479KB

    • MD5

      386b12230f299deb9e040cbf3e24bf29

    • SHA1

      bea3f67e1fd9490a38c975baf2c30623df5898e8

    • SHA256

      186a3b4d636bfdb9732bdfab12453a1c08275a3536c665eb72ac92d35ca85484

    • SHA512

      178140ada5b05eb7d83b7d79bb902c678a2ee4a43eb0132fad35beaa8433c1aa1dca0fec061762596b274303556bdaef2e2e9a21f412c0b3727cacde6209f14c

    • SSDEEP

      12288:dMrSy90eUIJPVrmEAFQP70U5qitV8Z1nlD:by7UsmEnrtKD

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks