General

  • Target

    b7d24bdd019805f4a7851e80208e35f4bb9ff4ddec3ce6996c13c36099c4f81b

  • Size

    479KB

  • Sample

    241111-hrv73symbk

  • MD5

    8e397ce3fca87edbea27d507222d52a1

  • SHA1

    113f60010bbfc7b1c250c512dfec7781bfecf39d

  • SHA256

    b7d24bdd019805f4a7851e80208e35f4bb9ff4ddec3ce6996c13c36099c4f81b

  • SHA512

    8ecf837038d58c2f6ab1c8f4852444d7fa79e72bdb50f65cc1eb460bb8cf41a856f87198eb00021daa4a9deb733e6760dc5c6ff199a65d360e473a43e63c3cf6

  • SSDEEP

    12288:fMrEy90ELjT+NOeINrpCnynPWKP8uVoNGQs4uw:LyzLjTmOeIN1CyPdUuVoNw0

Malware Config

Extracted

Family

redline

Botnet

morty

C2

217.196.96.101:4132

Attributes
  • auth_value

    fe1a24c211cc8e5bf9ff11c737ce0e97

Targets

    • Target

      b7d24bdd019805f4a7851e80208e35f4bb9ff4ddec3ce6996c13c36099c4f81b

    • Size

      479KB

    • MD5

      8e397ce3fca87edbea27d507222d52a1

    • SHA1

      113f60010bbfc7b1c250c512dfec7781bfecf39d

    • SHA256

      b7d24bdd019805f4a7851e80208e35f4bb9ff4ddec3ce6996c13c36099c4f81b

    • SHA512

      8ecf837038d58c2f6ab1c8f4852444d7fa79e72bdb50f65cc1eb460bb8cf41a856f87198eb00021daa4a9deb733e6760dc5c6ff199a65d360e473a43e63c3cf6

    • SSDEEP

      12288:fMrEy90ELjT+NOeINrpCnynPWKP8uVoNGQs4uw:LyzLjTmOeIN1CyPdUuVoNw0

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
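The behaviours listed above (dropped EXE executed, Defender Real-time Protection tampering, Run-key persistence) together with the extracted C2 endpoint are what a defender would turn into detections. The following is an added example, not part of this report or of any Triage tooling: it hashes a file against the report's SHA256 and runs the report's indicators over a handful of Sysmon-style events. The events are constructed for illustration, the Sysmon field names (EventID 1/3/11/13, Image, TargetObject, Details, DestinationIp, DestinationPort) follow Sysmon's schema, and the specific Defender Real-Time Protection value names are an assumption about what "Modifies Windows Defender Real-time Protection settings" covers; the report itself only names the behaviour.

```python
"""Turn the sandbox report's IoCs and behaviour signatures into checks over
Sysmon-style events.  Added example; the event records are constructed."""
import hashlib
import re

# Indicators copied from the report above.
C2_HOST, C2_PORT = "217.196.96.101", 4132
SHA256 = "b7d24bdd019805f4a7851e80208e35f4bb9ff4ddec3ce6996c13c36099c4f81b"

# Assumption: the "Modifies Windows Defender Real-time Protection settings"
# behaviour corresponds to setting one of these documented Real-Time
# Protection values (under either the live key or the Policies key) to 1.
DEFENDER_RTP_KEY = re.compile(
    r"\\SOFTWARE\\(?:Policies\\)?Microsoft\\Windows Defender\\Real-Time Protection\\"
    r"(?:DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableOnAccessProtection|"
    r"DisableIOAVProtection|DisableScanOnRealtimeEnable)$",
    re.IGNORECASE,
)
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.IGNORECASE
)


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_sample(data: bytes) -> bool:
    """Exact-hash check against the report's SHA256: the cheapest IoC test."""
    return sha256_of(data) == SHA256


def triage(events):
    """Return (rule, EventID, detail) hits for the behaviours the report lists.

    Events must be in time order: "executes dropped EXE" needs the FileCreate
    (EventID 11) to be seen before the ProcessCreate (EventID 1) of that path.
    """
    hits = []
    dropped = set()  # lower-cased paths of .exe files written during the run
    for ev in events:
        eid = ev["EventID"]
        if eid == 11 and ev.get("TargetFilename", "").lower().endswith(".exe"):
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev.get("Image", "").lower() in dropped:
            hits.append(("dropped_exe_executed", eid, ev["Image"]))
        elif eid == 13:  # RegistryEvent (Value Set)
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            # Only a value of 1 disables protection; a reset to 0 is not a hit.
            if DEFENDER_RTP_KEY.search(target) and details.startswith("DWORD (0x00000001)"):
                hits.append(("defender_rtp_disabled", eid, target))
            elif RUN_KEY.search(target):
                hits.append(("run_key_persistence", eid, f"{target} = {details}"))
        elif (eid == 3 and ev.get("DestinationIp") == C2_HOST
              and int(ev.get("DestinationPort", 0)) == C2_PORT):
            hits.append(("redline_c2_connection", eid, f"{ev['Image']} -> {C2_HOST}:{C2_PORT}"))
    return hits


# Constructed Sysmon-style events modelled on the report's signature list;
# paths, SID and the benign browser connection are made up.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\Downloads\setup.exe",
     "DestinationIp": "217.196.96.101", "DestinationPort": "4132"},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": "443"},
]

if __name__ == "__main__":
    for rule, eid, detail in triage(SAMPLE_EVENTS):
        print(f"[{rule}] EventID={eid} {detail}")
```

The hash check is exact-match only; a repacked build of the same RedLine configuration will miss it, which is why the behavioural rules (Defender tamper, Run key, dropped-EXE execution) and the C2 endpoint are the more durable part of the report.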

MITRE ATT&CK Enterprise v15

Tasks