General

  • Target

    1901529b264b9be7a1e430ada5af833b47e2a145c0ad88ecd837b775ac40954c

  • Size

    751KB

  • Sample

    241105-174s9ssmfp

  • MD5

    e59b1ddabd1fe0755a1de8ac63e119d7

  • SHA1

    3695d0868319e35533ab45985c35455383df4835

  • SHA256

    1901529b264b9be7a1e430ada5af833b47e2a145c0ad88ecd837b775ac40954c

  • SHA512

    fdb6f5f28d235479d8932fc3521b485c9a0ce89b96369d9c19fea1a449ed0de2d5d2da2eec9cb3eda7803f592282c7fbf7a364e36c746757b0b73057930055b1

  • SSDEEP

    12288:+Mr0y9057z6BHFri/li+7HtBCOd5bNz9w90MAgAShRg:Gy27LUcHfCE5bNz9oAgThW

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      1901529b264b9be7a1e430ada5af833b47e2a145c0ad88ecd837b775ac40954c

    • Size

      751KB

    • MD5

      e59b1ddabd1fe0755a1de8ac63e119d7

    • SHA1

      3695d0868319e35533ab45985c35455383df4835

    • SHA256

      1901529b264b9be7a1e430ada5af833b47e2a145c0ad88ecd837b775ac40954c

    • SHA512

      fdb6f5f28d235479d8932fc3521b485c9a0ce89b96369d9c19fea1a449ed0de2d5d2da2eec9cb3eda7803f592282c7fbf7a364e36c746757b0b73057930055b1

    • SSDEEP

      12288:+Mr0y9057z6BHFri/li+7HtBCOd5bNz9w90MAgAShRg:Gy27LUcHfCE5bNz9oAgThW

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks