General

  • Target

    c6f9555af77909f7ce5cb9361aa3b1b225dbf30558508121d3e2e6b694085bea

  • Size

    479KB

  • Sample

    241110-ekl42sslen

  • MD5

    198b42758d9c95a4036c430623e82839

  • SHA1

    363243f3c0b742318761cda60bae5942be435d57

  • SHA256

    c6f9555af77909f7ce5cb9361aa3b1b225dbf30558508121d3e2e6b694085bea

  • SHA512

    bad0c2f2036183b67e8f6c73fc37e26899f315f1ee010e119110592c8e69c91c30056fdecb66bde3af2269509cff18511faebabf79c0d439c5fa5d0a4466545e

  • SSDEEP

    12288:ZMrOy90yiL1XvfrvZpJKoOyo2xvnLPyA:/yoX9n/Fo2xzaA

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

  • auth_value

    8f24ed370a9b24aa28d3d634ea57912e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
