General

  • Target

    aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04

  • Size

    1.2MB

  • Sample

    231013-fkzwkseg21

  • MD5

    89ff258b7a3e752b0d2a6db304ed38f7

  • SHA1

    e1a42ddce664a7ea68d9c36c80e347e1a0bebe20

  • SHA256

    aa1cf9e20212c91b27c87de4c4962f8f6768c30350e75caed310c09e530d5e04

  • SHA512

    cc37f7a868b5858c1698857556992e38b1f93f2c3809e09cb99ff47a385c0c60ec0010e8632d43b60221e8349c5e6d6ce0eca532b7adb4cd02f82367b92b8f34

  • SSDEEP

    24576:2BuqRr0CQheNIRavIUDGgDzvUIWjD8oQKRiak71czrFNypgUbsi64ZTeG:SuqR1QheNIo7DznWjwolPmWQyUwG

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks