General

  • Target

    aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07

  • Size

    479KB

  • Sample

    241110-g26wws1enl

  • MD5

    3d014232b3745d351c387b6e5ae04096

  • SHA1

    64683c6c2715783d067f50b0c3fd1d97d243224a

  • SHA256

    aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07

  • SHA512

    7aa89840f634cd54e91d618d86db30b30a1b0891ad3cffcaae86cbba92e4dd705a4562aaadc7362248f01464762b52b44a5aa5539038967995dcb1b7d444b01b

  • SSDEEP

    12288:VMrdy90E5whS/hiZUyi/LwJSCykLF8fTQU:oyH7/hyKWtVLFUt

Malware Config

Extracted

Family

redline

Botnet

dumud

C2

217.196.96.101:4132

Attributes
  • auth_value

    3e18d4b90418aa3e78d8822e87c62f5c

Targets

    • Target

      aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
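The extracted configuration (C2 217.196.96.101:4132) and the file hashes are the indicators a responder would turn into detection logic, and the two behavioural signatures above (Run key persistence, Defender real-time protection tampering) are what to look for in endpoint telemetry. The following Python script is an added example, not part of the sandbox report or of any vendor tooling: it loads the report's indicators, validates the C2 string, and scans a handful of constructed Sysmon-style event lines (process create, network connect, registry set) for hits. The flat `key=value|...` event format is a stand-in for real Sysmon output, and the registry paths used for the two behaviours are the standard Run key and Defender "Real-Time Protection" policy values, assumed here rather than taken from this sample.

```python
import re

# Indicators copied from the report above; the hashes identify the sample, the
# C2 is the extracted RedLine configuration value.
REPORT_IOCS = {
    "md5": "3d014232b3745d351c387b6e5ae04096",
    "sha1": "64683c6c2715783d067f50b0c3fd1d97d243224a",
    "sha256": "aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07",
    "c2": "217.196.96.101:4132",
}

# Assumed registry locations behind the two behavioural signatures. The report
# names the behaviours only; these are the standard Run/RunOnce keys and the
# Defender "Real-Time Protection" policy values, not keys observed in the sample.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
DEFENDER_RTP_PATH = "\\Windows Defender\\Real-Time Protection\\"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
}


def parse_c2(c2):
    """Split 'host:port' from the extracted config and sanity-check it."""
    host, _, port = c2.rpartition(":")
    octets = host.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"unexpected C2 host: {host!r}")
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"unexpected C2 port: {port}")
    return host, port


def parse_event(line):
    """Constructed flat Sysmon-style record: key=value fields separated by '|'."""
    fields = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def match_event(fields, iocs=REPORT_IOCS):
    """Return the list of indicators this one event hits (empty if clean)."""
    hits = []
    event_id = fields.get("EventID")
    if event_id == "1":  # process create: compare Sysmon's Hashes field
        hashes = {}
        for item in fields.get("Hashes", "").split(","):
            algo, _, digest = item.partition("=")
            hashes[algo.strip().lower()] = digest.strip().lower()
        for algo in ("md5", "sha1", "sha256"):
            if hashes.get(algo) == iocs[algo]:
                hits.append(f"sample executed ({algo} match)")
    elif event_id == "3":  # network connection: exact C2 host and port
        host, port = parse_c2(iocs["c2"])
        if fields.get("DestinationIp") == host and fields.get("DestinationPort") == str(port):
            hits.append("connection to RedLine C2 " + iocs["c2"])
    elif event_id == "13":  # registry value set
        target = fields.get("TargetObject", "")
        details = fields.get("Details", "")
        value_name = target.rsplit("\\", 1)[-1]
        if RUN_KEY_RE.search(target):
            hits.append("Run key persistence: " + target)
        if DEFENDER_RTP_PATH in target and value_name in DEFENDER_RTP_VALUES \
                and details.startswith("DWORD (0x00000001)"):
            hits.append("Defender real-time protection disabled: " + value_name)
    return hits


def scan_events(lines, iocs=REPORT_IOCS):
    """Scan a sequence of event lines; return (line_index, hit) pairs in order."""
    results = []
    for index, line in enumerate(lines):
        for hit in match_event(parse_event(line), iocs):
            results.append((index, hit))
    return results


# Constructed sample telemetry (not from the sandbox run); 203.0.113.10 is a
# documentation address standing in for benign traffic.
SAMPLE_EVENTS = [
    "EventID=1|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"
    "|Hashes=MD5=3d014232b3745d351c387b6e5ae04096,"
    "SHA256=aa21e3a7bcb0682e9a0ac499ac7bc14f5f5c6efb9d20f8d7565b2994acd47e07",
    "EventID=3|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"
    "|DestinationIp=217.196.96.101|DestinationPort=4132|Protocol=tcp",
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationIp=203.0.113.10|DestinationPort=443|Protocol=tcp",
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"
    "|TargetObject=HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender"
    "\\Real-Time Protection\\DisableRealtimeMonitoring|Details=DWORD (0x00000001)",
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\setup.exe"
    "|TargetObject=HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software"
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"
    "|Details=C:\\Users\\victim\\AppData\\Roaming\\updater.exe",
    "EventID=13|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software"
    "\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden|Details=DWORD (0x00000002)",
]

if __name__ == "__main__":
    for index, hit in scan_events(SAMPLE_EVENTS):
        print(f"event {index}: {hit}")
```

Matching the C2 on host and port together, rather than on the IP alone, keeps the rule tight to the extracted configuration; if the operator moves the panel to another port on the same host the rule must be updated, which is the intended trade-off. The Defender check only fires when the policy value is set to 1, so legitimate resets to 0 do not alert.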

MITRE ATT&CK Enterprise v15

Tasks