General

  • Target

    59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86

  • Size

    1.2MB

  • Sample

    231013-fjxd3aef7w

  • MD5

    45c8f18e88a2562f6cafa96c6c3fa528

  • SHA1

    08a13c4c944173b0e775b0cca25096ab1f227340

  • SHA256

    59db6efd5bc1e788391d3670570f5ca4854d78aa3ccc30ab3ee57c7ce5acec86

  • SHA512

    d13dea7c3bd4f6e8af262a1533956a03db087a519f71ee5ca067798225ed7d789c683571a80b0a28671d9136b38b31627c4cbd82d6913c8dfaf5bd6e0781c222

  • SSDEEP

    24576:O74crI0H8AMXzjhfr76JK9bbcQhUUhdGCaGxYoirN0GAu7GcsUY2Uk/qvhcLuuAy:k4crI0H8AMXHhfX6J6oLCaDrGG32UtU2

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks