General

  • Target

    31b443336c4bd6a6c3a82bff772a25d876c2dcf7e951d59cce7d3afefb4ed2bc

  • Size

    752KB

  • Sample

    241105-2fe69szdph

  • MD5

    d94e31572f1173ba2cae5c4ee75c1e4e

  • SHA1

    5f2609d3491c72bd26591377300ab164f49930b8

  • SHA256

    31b443336c4bd6a6c3a82bff772a25d876c2dcf7e951d59cce7d3afefb4ed2bc

  • SHA512

    bcb670e4a54e6b35f2b4ac2d48cb36c619a4ac2cf3774a8140de0a6577525c1b1ab5212b08618679c87ce9017e13996485def64e8eb60c6d5e7945b09b403ac0

  • SSDEEP

    12288:TMrBy90sXzyelW/1FLe+aYYDYxx5wq9f45ZQoWYcyDXyzyxuwLsD:WyKelW/11/mDFOA5V/8yxV6

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dars

  • C2

    83.97.73.127:19045

  • Attributes

    • auth_value

      7cd208e6b6c927262304d5d4d88647fd

Targets

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks