General

  • Target

    be0acc69829c9a8717ce82d479f831dd8035bfdc27658804c935d019a2b9cfbcN.exe

  • Size

    848KB

  • Sample

    241120-1g27ratnhx

  • MD5

    4713b5bf0aeaaa3e55b97e4187367830

  • SHA1

    aca8935697aaa69fa6b1ecb418d4df8cebe0faf6

  • SHA256

    be0acc69829c9a8717ce82d479f831dd8035bfdc27658804c935d019a2b9cfbc

  • SHA512

    9ed7a96596f391081960fc5415a81bf3869db1ba84961c43543d243f21af5fd80b99beaba9a42a8bdbcdd4710ef6df27edf399b3b93bd560ab666489cd508723

  • SSDEEP

    24576:FypHbVgZ6Gl/SqOGIiokddVXz5cFFhd4C3cApMYS:gpHbkxlMiobFbd4C

Malware Config

Extracted

Family

redline

Botnet

mask

C2

217.196.96.56:4138

Attributes

  • auth_value

    31aef25be0febb8e491794ef7f502c50

Targets

    • Target

      be0acc69829c9a8717ce82d479f831dd8035bfdc27658804c935d019a2b9cfbcN.exe

    • Size

      848KB

    • MD5

      4713b5bf0aeaaa3e55b97e4187367830

    • SHA1

      aca8935697aaa69fa6b1ecb418d4df8cebe0faf6

    • SHA256

      be0acc69829c9a8717ce82d479f831dd8035bfdc27658804c935d019a2b9cfbc

    • SHA512

      9ed7a96596f391081960fc5415a81bf3869db1ba84961c43543d243f21af5fd80b99beaba9a42a8bdbcdd4710ef6df27edf399b3b93bd560ab666489cd508723

    • SSDEEP

      24576:FypHbVgZ6Gl/SqOGIiokddVXz5cFFhd4C3cApMYS:gpHbkxlMiobFbd4C

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks