General

  • Target

    3a3f540ea5dbc27394cf7057d6dd48bc5feb619d22648f9c0c7b109669385d91

  • Size

    660KB

  • Sample

    241105-25a9ls1fkj

  • MD5

    5ab407454f7926a3bf03a6e54149b155

  • SHA1

    2f617eba94e317653f70421466c76c380f25c454

  • SHA256

    3a3f540ea5dbc27394cf7057d6dd48bc5feb619d22648f9c0c7b109669385d91

  • SHA512

    99a3d77a5444077cf686ab8b1872dc1884277d82d5b0fa834481dbd439d90bfd8e17f379279754353de307950f8e6429bcf9eb943d28410c3ce645de790b9321

  • SSDEEP

    12288:sMrky90p8d59FgTvfsaFfWB7Gv29hwTet86513Iy12lJHnppxyCK2:Ayu8P9gvfslpw686513Iy1OJn5lK2

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dozt

C2

77.91.124.145:4125

Attributes
  • auth_value

    857bdfe4fa14711025859d89f18b32cb

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15