General

  • Target

    f3460fad45ce70c1a12571d7346df9833aab6bc539f8a381923dd10af42c5874

  • Size

    478KB

  • Sample

    241111-ggmmhstgkr

  • MD5

    e0c98e5a7bb36c71ef7c0d52ccd3aebc

  • SHA1

    698c439239fa0aeb26428928d40123a2387b18ec

  • SHA256

    f3460fad45ce70c1a12571d7346df9833aab6bc539f8a381923dd10af42c5874

  • SHA512

    00fbc36c19a6857b635f10a7a9fb98f7c3c48c43dd4aeb94fe2e01121d43d169835baa8e49079c0b9b5c94c731098d06104c8424ae2aaeaf31203baa5a2a9715

  • SSDEEP

    12288:nMr2y90mnKYHCZI5c1u31hTP1pCpRjCzYr1zT:NydKElXbTf+1zT

Malware Config

Extracted

Family

redline

Botnet

maher

C2

217.196.96.101:4132

Attributes

  • auth_value

    c57763165f68aabcf4874e661a1ffbac

Targets

    • Target

      f3460fad45ce70c1a12571d7346df9833aab6bc539f8a381923dd10af42c5874

    • Size

      478KB

    • MD5

      e0c98e5a7bb36c71ef7c0d52ccd3aebc

    • SHA1

      698c439239fa0aeb26428928d40123a2387b18ec

    • SHA256

      f3460fad45ce70c1a12571d7346df9833aab6bc539f8a381923dd10af42c5874

    • SHA512

      00fbc36c19a6857b635f10a7a9fb98f7c3c48c43dd4aeb94fe2e01121d43d169835baa8e49079c0b9b5c94c731098d06104c8424ae2aaeaf31203baa5a2a9715

    • SSDEEP

      12288:nMr2y90mnKYHCZI5c1u31hTP1pCpRjCzYr1zT:NydKElXbTf+1zT

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks