General

  • Target

    cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40

  • Size

    1.2MB

  • Sample

    231013-flratseg6z

  • MD5

    c62b28815ceb04d49aed8083cb219b34

  • SHA1

    55672034b7f9642c843df99a3956438c11b38a02

  • SHA256

    cea8ba12efb9163cafed4c4f23722595b2eb12fbe282d30ee23a3cbfd2182d40

  • SHA512

    64d134376d359d25c571100b6afbd9b1526e43656a9003f7d250116a151c16bc77fff4934645ec7422d6344db093a68ceee2176094e2de5bf707e7a9fef96b56

  • SSDEEP

    24576:Z9q+VDNJsRSO2cnMEHHryl8YZCID8Nf+owSRqmyfDmZDKG:jq+VHISO2cNnN8D85K8qPPG

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes

  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks