General

  • Target

    e3f414ff0689e55f36865094c88b05e44808b92c39204f030c1824f33ce0553b

  • Size

    479KB

  • Sample

    241111-gv683svakp

  • MD5

    ca2ca338829189e33752dd7af7f0702a

  • SHA1

    5a5d3133dc4d0d7f49fad8e163233f2ba2b45ea3

  • SHA256

    e3f414ff0689e55f36865094c88b05e44808b92c39204f030c1824f33ce0553b

  • SHA512

    fc4745c9eb81105b3225dc840b3992b8a3769191049a82978179788c2d86ffa2a91a31833003a39ee038bf5ffc01f94051de08370470fcc2acee2a87404e53bd

  • SSDEEP

    12288:7MrDy90IoUBSSLyW5gUjObU3ku/jAenLDC1Wf1xc:0yb7ysjOYUAnLeIfnc

Malware Config

Extracted

Family

redline

Botnet

morty

C2

217.196.96.101:4132

Attributes

  • auth_value

    fe1a24c211cc8e5bf9ff11c737ce0e97

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks