General

  • Target

    6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e

  • Size

    1.2MB

  • Sample

    231013-ffhfqsee3y

  • MD5

    feb2be8a2d1624aa6e72b4ff5b499498

  • SHA1

    26e421f3dba75f49a8ac1390e189afd8407fa541

  • SHA256

    6ac6319aa00212eccc0dd941c1f59a2e2361ca34faa512d672864701ce336f2e

  • SHA512

    5b5971095830f9c1bd887c256592fa11f9f3d8d944dfdd46fc2160018d2e4d115b16cfa152963a24e3e5ebc13685dfe6a4f0f4e6291772ad061b1afd968bdeea

  • SSDEEP

    24576:f74cr2NZUhgFSF68jG8/I8W5tcj5+/jNY2vYBcTvkyJNeGG:T4cr2AhCS4O/U52N+/kBAkueGG

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks