General

  • Target

    e4f26e6e1225d9bdf37fcb61bf4016b5ffe2ca1394434ee97347141bcf76aa93

  • Size

    661KB

  • Sample

    241104-2bm2ba1lhn

  • MD5

    1269ce4ecbcff1b9876a5315e425ffb5

  • SHA1

    86a4d70cfe35cef1e7000b0c061400565412b051

  • SHA256

    e4f26e6e1225d9bdf37fcb61bf4016b5ffe2ca1394434ee97347141bcf76aa93

  • SHA512

    0d9426f801cef30e656e4e477d7f10f3188158e06d0fb05425511ad799dbb87b7a61a341be761615c01d249c4fdbdd432e0c431c46ca246f810443c9b04c0c89

  • SSDEEP

    12288:uMrgy90+h822oj2LqEP5h40Ubvq4do4hzRxVcA1kE:ayVhSoCOERhvOqfKRxVjf

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dozt

C2

77.91.124.145:4125

Attributes
  • auth_value

    857bdfe4fa14711025859d89f18b32cb

Targets

    • Target

      e4f26e6e1225d9bdf37fcb61bf4016b5ffe2ca1394434ee97347141bcf76aa93

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks