Overview

overview

10

Static

static

3

j5520135.exe

windows7-x64

10

j5520135.exe

windows10-2004-x64

10

x2665667.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa11496ae8767601729e7f74ad715430N.cab

  • Size

    601KB

  • Sample

    240830-kh133svdkf

  • MD5

    aa11496ae8767601729e7f74ad715430

  • SHA1

    7123999dcd6b2897baa42e22877209f3c40ff505

  • SHA256

    7b8c157934afb9480c8ad7f456fccb235294c2a5557eb05102c736a24e2c9aaf

  • SHA512

    e4b1d916b47d9d5deb9c6fc3113c4a33c7340041d17c27fc8b744b6933de577d6b21507c0794b7bb4584af0a282a0198ddf754dd420395da75a7c7b68d92b14f

  • SSDEEP

    12288:cwQEN8l9O+jUdQXoQKMtSUBCLt9GIL1UHNRVZ0D8MdSkl:DN8luQYQKztet08WSkl

Score
10/10
healerredlinemonikpetindiscoverydropperevasioninfostealerpersistencetrojan

Malware Config

Extracted

Family

redline

Botnet

monik

C2

77.91.124.82:19071

Attributes
  • auth_value

    da7d9ea0878f5901f1f8319d34bdccea

Extracted

Family

redline

Botnet

petin

C2

77.91.124.82:19071

Attributes
  • auth_value

    f6cf7a48c0291d1ef5a3440429827d6d

Targets

    • Target

      j5520135.exe

    • Size

      392KB

    • MD5

      a02932183eda07a8563668fc0519e6ee

    • SHA1

      aece4bbc60a6d479572f4cc184fdc3275a50c0ba

    • SHA256

      faabc4c005f7afaaa638fcdc48b09e8b3a269baa13e2599fa699ba02a7e3fbb6

    • SHA512

      d60192997fe9fa869d1d9557acedff766329a0267c37d74f3fbe9682f13ac87bf8c9b3146b96a0ebb466554c49dafe34192ed6c3d685c5021306eb0332210db0

    • SSDEEP

      6144:jefcF7qOXciQ3xFF1kCaX4z4AOAnDXT3C0XJ2BMSo5apW58fi:ifc1tXcve44unisJkIz8fi

    Score
    10/10
    redlinemonikdiscoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

    • Target

      x2665667.exe

    • Size

      481KB

    • MD5

      5159171ed6475bc06366524e8dbc68b7

    • SHA1

      08fa75bd802d8c3872a7621ffbacd1bc4356b2ed

    • SHA256

      6316e65ea3595400e6df1a4dd79f98f3b49ecd4fad754bcb6f79efec95c5b092

    • SHA512

      4c5720c823412cc078e2ac75b3465adf1a897972c511cb5cb6d77925a2869be3df2ff60a718fc52603e8fbf09dc4765b7004167141357bb7836f6417fb8deca9

    • SSDEEP

      12288:/MrLy90CjFLAyoJCQ3oQqVZ19tc8Tb1H:sypFLAeQ4QUZ19tL

    Score
    10/10
    healerredlinepetindiscoverydropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3

MITRE ATT&CK Enterprise v15

Tasks