General

  • Target

    e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b

  • Size

    1.4MB

  • Sample

    241111-hftj4svgma

  • MD5

    8cb4774e6ba6a70a34acebf5b3215800

  • SHA1

    0cf32474c576059f1c9ba8b9e38a44accb9ccd53

  • SHA256

    e516ad2c4d0193599674a9dda333bd8c6d7f7ca091a59c22eef30e594864026b

  • SHA512

    ce78ade641c2db8873ca9ee411348961e02d2cc82c2d9d74329a1c32aec15d8dee6633f141a78bfd3448795fa2fcd544890ce011d2531f2a4916b8a59ecb8b0e

  • SSDEEP

    24576:fy0O9AKOQ5KhFW/8rrE+otuBrvWwUpxF9zA8zm5gm56wkvxsfI+jXVPIr:q0+IfETtYvWwUvFpLzmiwkvqfnjl

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes

  • auth_value

    31aef25be0febb8e491794ef7f502c50

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
