General

  • Target

    x3716465.exe

  • Size

    320KB

  • Sample

    230919-hngkhsfd6v

  • MD5

    bd8aac74df67f6fde61f5f9a924ed6d4

  • SHA1

    836e6a69bbef277e18383abe776abc058b9c5341

  • SHA256

    4e82ae18daf05be90f7731212b8b696a52e48d1a771d434e99c7705bf6e5486b

  • SHA512

    da1c41e43d9ef43eb78b39cd7a1aa1d443181d189385065e8380c188d981436cac43cc33d3d72c251739ce2719472c4bb5706d44adda540e2b50213c2722c727

  • SSDEEP

    6144:K7y+bnr+mp0yN90QEAGp7GKQ1zpOOGAgkZSLx/6oAKpL2Ajdg:BMr6y90zJNeQVdp2OS

Malware Config

Extracted

Family

redline

Botnet

vasha

C2

77.91.124.82:19071

Attributes

  • auth_value

    42fc61786274daca54d589b85a2c1954

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks