General

  • Target

    bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa

  • Size

    930KB

  • Sample

    231014-b6zqgsae4v

  • MD5

    3460167c1d4aa82be63e7d58086d4dc3

  • SHA1

    698a2c76dca22b0434f435fa686b8e16d3c09e07

  • SHA256

    bdd0c0769a20ac72ca52ebc4800706d55c5420e91c7150c2ed03c9093f2d7aaa

  • SHA512

    79ab6533342e459d8d2c9602938541fdd9388dfa0fdd74c3d7ce2ac429a3a30da1b9cfc185312614e176ea8ec70540f729b92e651dce570baf0808f3f22441ac

  • SSDEEP

    12288:d6//yfYb5BIQZVte2f8sD5ARNRDDyBPd0mWuh1eueMbQkXwSUqf7ZOqPMeIX9iDF:giuBtZsDM0fuuuw9qZFbANhTil+85

Malware Config

Extracted

Family

redline

Botnet

moner

C2

77.91.124.82:19071

Attributes
  • auth_value

    a94cd9e01643e1945b296c28a2f28707

Targets

    • Detects Healer, an antivirus-disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15