Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    817KB

  • Sample

    230824-v51e6sfh4s

  • MD5

    60395b7aeabc1c51da5e995a18095f27

  • SHA1

    d7e1f3681becffdd4a8262d112459fc0c8e82d33

  • SHA256

    7f17bcf36912f93161771f2ef5ccb5450890f2732e972ac7a3086fdc13538742

  • SHA512

    0f062d69040f0d229305e397e8ef95bbf77316f9a53aeafaf72268c155e91ab5aa20b1d862cc6c58a3342de7748f03abd86bc707b7b5c07aaa8885825d95c65a

  • SSDEEP

    24576:gyn0dvL90SHl5ZqzG23fJTmmJTtfST3tY:navvHhWhmd

Score
10/10
healerredlinerwandropperevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

rwan

C2

77.91.124.73:19071

Attributes
  • auth_value

    7c40eda5da4f888d6f61befbf947d9fe

Targets

    • Target

      file.exe

    • Size

      817KB

    • MD5

      60395b7aeabc1c51da5e995a18095f27

    • SHA1

      d7e1f3681becffdd4a8262d112459fc0c8e82d33

    • SHA256

      7f17bcf36912f93161771f2ef5ccb5450890f2732e972ac7a3086fdc13538742

    • SHA512

      0f062d69040f0d229305e397e8ef95bbf77316f9a53aeafaf72268c155e91ab5aa20b1d862cc6c58a3342de7748f03abd86bc707b7b5c07aaa8885825d95c65a

    • SSDEEP

      24576:gyn0dvL90SHl5ZqzG23fJTmmJTtfST3tY:navvHhWhmd

    Score
    10/10
    healerredlinerwandropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks