General

  • Target

    0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e

  • Size

    479KB

  • Sample

    241110-ehzblaymdx

  • MD5

    aa717e06ed26eca1ca28087d95d6fa74

  • SHA1

    f28b2792132c7e93915a239da7805154269bb236

  • SHA256

    0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e

  • SHA512

    0ea957d7a28d23af8b0c13db10f76c2f057bb383020eb39d66a2f77d02f896c4feee7d5f1ffb70f5a91fe17fc365ea05f1ad27da698b00f691cbd629219f1dd0

  • SSDEEP

    6144:KGy+bnr+np0yN90QE50qezeWE1lzN5DsB7LLayheQ+2/w7OKTxRDur0ZHX22OLo5:qMrfy903ygz4B7HHeRqw7nPDuam2Oiv

Malware Config

Extracted

Family

redline

Botnet

mufos

C2

217.196.96.102:4132

Attributes
  • auth_value

    136f202e6569ad5815c34377858a255c

Targets

    • Target

      0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e

    • Size

      479KB

    • MD5

      aa717e06ed26eca1ca28087d95d6fa74

    • SHA1

      f28b2792132c7e93915a239da7805154269bb236

    • SHA256

      0bc7bd0b77649062ed3d5cc3a4922b5001f00a4d78dc6518904f14a79ddef12e

    • SHA512

      0ea957d7a28d23af8b0c13db10f76c2f057bb383020eb39d66a2f77d02f896c4feee7d5f1ffb70f5a91fe17fc365ea05f1ad27da698b00f691cbd629219f1dd0

    • SSDEEP

      6144:KGy+bnr+np0yN90QE50qezeWE1lzN5DsB7LLayheQ+2/w7OKTxRDur0ZHX22OLo5:qMrfy903ygz4B7HHeRqw7nPDuam2Oiv

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks