General

  • Target

    c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217

  • Size

    1.2MB

  • Sample

    231013-fkrvzaeg2v

  • MD5

    6c666132c70b467609497fbf98de87a6

  • SHA1

    da2f3b92771f0ad97c0315805ac3dbebe88c69a1

  • SHA256

    c2332b998433c87e4ba0bae33c88fa3c821ce6e7fc44764931b9bc7960bde217

  • SHA512

    2ef86b7e772bf9861af227d9a5e08435a3ec182455af848c7c6e28986c2e228c2cffffcbc87903d74d248b2f6f0f176ccc1bc9f7a9b32a3e6b6c75c351cfd033

  • SSDEEP

    24576:pBuqRoWp65cb9YpIdLYk/9MvkpuY5+8VqJLO1mRmhkhH6wG:vuqRKw9vLTq8gYA8hc/G

Malware Config

Extracted

  • Family

    redline

  • Botnet

    petin

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks