General

  • Target

    cceaa97f5bb5ae0e81575522ba7117ee7832476da41d9f72fc5519015c8d0b8a

  • Size

    479KB

  • Sample

    241111-hk15raylal

  • MD5

    2f5dc3c551c5825647e06a36ff100438

  • SHA1

    d12f64144f52c8b67a8c0e0645a20f7d2ddfa4b6

  • SHA256

    cceaa97f5bb5ae0e81575522ba7117ee7832476da41d9f72fc5519015c8d0b8a

  • SHA512

    4c4b7d19f3a5c51da6e1e7ca8be746e6c1f2f74d3a3d5091ef523741a93689d8c954d3a16e1d0cdcfad7a8237d08763af11a07cf2d9ed6123a5bb717ba241d43

  • SSDEEP

    12288:JMr8y90/NrfArMROEw9VmzfF/0rUwpEDYP9ViA:9yYorpfmzNJUYYT7

Malware Config

Extracted

Family

redline

Botnet

divan

C2

217.196.96.102:4132

Attributes
  • auth_value

    b414986bebd7f5a3ec9aee0341b8e769

Targets

    • Target

      cceaa97f5bb5ae0e81575522ba7117ee7832476da41d9f72fc5519015c8d0b8a

    • Size

      479KB

    • MD5

      2f5dc3c551c5825647e06a36ff100438

    • SHA1

      d12f64144f52c8b67a8c0e0645a20f7d2ddfa4b6

    • SHA256

      cceaa97f5bb5ae0e81575522ba7117ee7832476da41d9f72fc5519015c8d0b8a

    • SHA512

      4c4b7d19f3a5c51da6e1e7ca8be746e6c1f2f74d3a3d5091ef523741a93689d8c954d3a16e1d0cdcfad7a8237d08763af11a07cf2d9ed6123a5bb717ba241d43

    • SSDEEP

      12288:JMr8y90/NrfArMROEw9VmzfF/0rUwpEDYP9ViA:9yYorpfmzNJUYYT7

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
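
The extracted config and the behaviour signatures above are enough to hunt for this sample on endpoints. The block below is an added example, not part of the sandbox report: a small Python matcher that runs the report's hash and C2 indicators, plus registry checks for the Run-key persistence and Windows Defender real-time-protection modification the signatures describe, over Sysmon-style JSON events (event IDs 1, 3 and 13). The report does not list the exact registry values the sample writes, so the registry paths are assumptions based on the signature names; the event lines are constructed for the demonstration.

```python
"""Hunt for the report's indicators in Sysmon-style JSON events.

Added example, not part of the sandbox report. The hash and C2 indicators are
copied from the report; the event lines below are constructed for the demo.
"""
import json
import re

# Indicators taken directly from the report above.
SAMPLE_SHA256 = "cceaa97f5bb5ae0e81575522ba7117ee7832476da41d9f72fc5519015c8d0b8a"
SAMPLE_MD5 = "2f5dc3c551c5825647e06a36ff100438"
C2_IP, C2_PORT = "217.196.96.102", 4132

# Registry locations consistent with the report's behaviour signatures
# ("Adds Run key to start application", "Modifies Windows Defender Real-time
# Protection settings"). The report does not list the exact values written,
# so these paths are an assumption, not something the report states.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\Disable", re.I)


def parse_hashes(field):
    """Parse Sysmon's 'ALG=hex,ALG=hex' Hashes field into {ALG: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, val = part.split("=", 1)
            out[alg.strip().upper()] = val.strip().lower()
    return out


def check_event(ev):
    """Return (rule, detail) for one Sysmon-like event dict, or None."""
    eid = ev.get("EventID")
    if eid == 1:  # process creation: compare the image hashes
        h = parse_hashes(ev.get("Hashes", ""))
        if h.get("SHA256") == SAMPLE_SHA256 or h.get("MD5") == SAMPLE_MD5:
            return ("known_sample_executed", ev.get("Image", ""))
    elif eid == 3:  # network connection: C2 address from the extracted config
        if ev.get("DestinationIp") == C2_IP:
            port = int(ev.get("DestinationPort", 0))
            rule = "redline_c2_connection" if port == C2_PORT else "c2_ip_other_port"
            return (rule, f"{C2_IP}:{port}")
    elif eid == 13:  # registry value set: persistence and AV tampering
        target = ev.get("TargetObject", "")
        if RUN_KEY_RE.search(target):
            return ("run_key_persistence", f"{target} = {ev.get('Details', '')}")
        if DEFENDER_RTP_RE.search(target):
            return ("defender_rtp_modification", f"{target} = {ev.get('Details', '')}")
    return None


def hunt(jsonl):
    """Run check_event over newline-delimited JSON; return (line, rule, detail) hits."""
    hits = []
    for n, line in enumerate(jsonl.strip().splitlines(), 1):
        if not line.strip():
            continue
        hit = check_event(json.loads(line))
        if hit:
            hits.append((n,) + hit)
    return hits


# Constructed events: one that should fire per category, plus benign noise.
CONSTRUCTED_EVENTS = r"""
{"EventID": 1, "Image": "C:\\Users\\u\\Downloads\\setup.exe", "Hashes": "SHA256=cceaa97f5bb5ae0e81575522ba7117ee7832476da41d9f72fc5519015c8d0b8a,MD5=2f5dc3c551c5825647e06a36ff100438"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 3, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe", "DestinationIp": "217.196.96.102", "DestinationPort": "4132"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "DestinationIp": "8.8.8.8", "DestinationPort": "53"}
{"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater", "Details": "C:\\Users\\u\\AppData\\Roaming\\Updater.exe"}
{"EventID": 13, "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "Details": "DWORD (0x00000001)"}
{"EventID": 13, "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\app\\DisplayName", "Details": "app"}
"""

if __name__ == "__main__":
    for n, rule, detail in hunt(CONSTRUCTED_EVENTS):
        print(f"event {n}: {rule}: {detail}")
```

On the constructed input this flags four events: the process whose hashes match the report, the connection to 217.196.96.102:4132, the Run-key value and the Defender real-time-protection value. A connection to the C2 IP on a different port is reported separately as lower-confidence, since RedLine operators change ports more often than hosts.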

MITRE ATT&CK Enterprise v15

Tasks