General

  • Target

    fb9c4be39a500c5512066a16779684c49f2319edd645a10f013066c62257d12e

  • Size

    479KB

  • Sample

    241111-cahyjatjak

  • MD5

    b79b9d1de5560eed54b7278acd811e1b

  • SHA1

    6d11607f8e2dbf0950920afc330b53a1b7f0e40d

  • SHA256

    fb9c4be39a500c5512066a16779684c49f2319edd645a10f013066c62257d12e

  • SHA512

    7acdfb54e3df68c777e2c9d4bcac2a4d8c7d7b55e14c51b826635725bd7b03705afb4111672bae1cb5a9e768f5234c4ad3a628e7e5542b28cb19669b06e0777a

  • SSDEEP

    12288:DMrFy90c8Y84sKtBmbqXJxEELIKr41GWgJzycG6MnbYL:Gyn81BKfeCJKE8x1yzJG6mm

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

  • auth_value

    8f24ed370a9b24aa28d3d634ea57912e

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks
