General

  • Target

    428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4

  • Size

    1.2MB

  • Sample

    240817-y4nlrsxenq

  • MD5

    1b770e134595e88e7bfe52bd21910268

  • SHA1

    cddfeff7348a043e63409c5152cba012c4bb447e

  • SHA256

    428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4

  • SHA512

    0a84caa7276dfdbecdd5e34269a5bc19462bf471d153cd23c7ea972194329612fa60fc9a0076610ace8389b6f3d7c09dc8325e778a46b26de3437584d8483745

  • SSDEEP

    24576:o74cr0oaB4zPAqgNC6m38vyLFYlwnlEjhfUiLe6eWyFQG:m4crJyzqgN23gqF+G1h6ebQG

Malware Config

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Target

      428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4

    • Size

      1.2MB

    • MD5

      1b770e134595e88e7bfe52bd21910268

    • SHA1

      cddfeff7348a043e63409c5152cba012c4bb447e

    • SHA256

      428a17a655ad7a333354512adf488c9d939ec2cbd0ebefe3016c0a7a9b602ce4

    • SHA512

      0a84caa7276dfdbecdd5e34269a5bc19462bf471d153cd23c7ea972194329612fa60fc9a0076610ace8389b6f3d7c09dc8325e778a46b26de3437584d8483745

    • SSDEEP

      24576:o74cr0oaB4zPAqgNC6m38vyLFYlwnlEjhfUiLe6eWyFQG:m4crJyzqgN23gqF+G1h6ebQG

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
