General

  • Target

    98e202cef9f0b0d90af28054ac9392aa7ec52c95faa56a012ced9274d9350d5cN.exe

  • Size

    1.4MB

  • Sample

    241112-x7nv9sykfw

  • MD5

    bcfc356fc3daeb84c6d9c5cad63409f1

  • SHA1

    25a708649803134082ae34bc92c236f04b8344e0

  • SHA256

    d94c996218e981a9fc47662f0b1521d8d19d58ec43025c8ddc63d011e0a8a23e

  • SHA512

    6f50b06f1abdf30d679e739fe478d34b205c6d9f1593058e7128b65e4ea9c52c213dd3aadcc456ed03011e5f88395be52772e632ba8b053067fd84c4429b092f

  • SSDEEP

    24576:SyzCJTJMz82c5RNX5WoRHnkuhUDF9+fL4Z+rF7S5GjsH:5QJGNc9BkdFUmeF7SEE

Malware Config

Extracted

Family

redline

Botnet

max

C2

185.161.248.73:4164

Attributes

  • auth_value

    efb1499709a5d08ed1ddf71cff71211f

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks