Resubmissions

  • 05-11-2024 22:47  241105-2q2g9asqgl  score 10

  • 05-11-2024 22:44  241105-2nzwmszfjb  score 10

General

  • Target

    97d2abaaa698e8887aebe2418d4fca24f890e23d4225d8eb34cede131849aaa2

  • Size

    789KB

  • Sample

    241105-2nzwmszfjb

  • MD5

    81a33252d971c9412230a03775d26007

  • SHA1

    44c5e5f73afd8eecd4467a5e2d4f183b5efde76d

  • SHA256

    97d2abaaa698e8887aebe2418d4fca24f890e23d4225d8eb34cede131849aaa2

  • SHA512

    0a411c8f19fc5b98c799374562e3dd042bebebe8f4575ae396e6639e3aa889c72d371abfa4fc452e2f8e6b665d76a60fd614c92bc309a02a65c81f5a91564f05

  • SSDEEP

    12288:BMrMy90cdo8C1wNYzNj4bIFB7WohJJUvyEI4FvTEAkBiesoNPsvfV72CEkKabf:NyJdo8cP4b4VhJJUfI4FrEPkcClNbf

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

diza

C2

77.91.124.145:4125

Attributes
  • auth_value

    bbab0d2f0ae4d4fdd6b17077d93b3e80

Targets

    • Target

      97d2abaaa698e8887aebe2418d4fca24f890e23d4225d8eb34cede131849aaa2

    • Size

      789KB

    • MD5

      81a33252d971c9412230a03775d26007

    • SHA1

      44c5e5f73afd8eecd4467a5e2d4f183b5efde76d

    • SHA256

      97d2abaaa698e8887aebe2418d4fca24f890e23d4225d8eb34cede131849aaa2

    • SHA512

      0a411c8f19fc5b98c799374562e3dd042bebebe8f4575ae396e6639e3aa889c72d371abfa4fc452e2f8e6b665d76a60fd614c92bc309a02a65c81f5a91564f05

    • SSDEEP

      12288:BMrMy90cdo8C1wNYzNj4bIFB7WohJJUvyEI4FvTEAkBiesoNPsvfV72CEkKabf:NyJdo8cP4b4VhJJUfI4FrEPkcClNbf

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
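Both extracted RedLine configurations point at the same C2 endpoint (77.91.124.145:4125) and differ only in botnet tag and auth_value, so a hunt on this report needs the C2 socket, the file hashes and the auth_value-to-botnet mapping. The script below is an added example by the editor, not tooling from the sandbox or the report: it loads the indicators listed above and runs them over a constructed firewall log and a constructed EDR hash inventory (neither is real data from the report). A connection to the C2 IP on a port other than 4125 is reported at lower confidence rather than dropped, since the operator may rotate ports while keeping the host.

```python
"""Hunt for the RedLine/Healer indicators from this report.

Editor-added example; not part of the sandbox report. Log lines and the
hash inventory below are constructed for illustration.
"""
import re
from collections import namedtuple

# Indicators copied from the report above.
C2_IP = "77.91.124.145"
C2_PORT = 4125
SAMPLE_HASHES = {
    "md5": "81a33252d971c9412230a03775d26007",
    "sha1": "44c5e5f73afd8eecd4467a5e2d4f183b5efde76d",
    "sha256": "97d2abaaa698e8887aebe2418d4fca24f890e23d4225d8eb34cede131849aaa2",
}
# Both extracted configs share the C2; the auth_value tells the botnets apart.
AUTH_VALUE_TO_BOTNET = {
    "1514e6c0ec3d10a36f68f61b206f5759": "norm",
    "bbab0d2f0ae4d4fdd6b17077d93b3e80": "diza",
}

# Constructed firewall log (key=value format is an assumption, not the report's).
SAMPLE_FW_LOG = """\
2024-11-05T22:40:01Z src=10.0.5.23 dst=77.91.124.145 dport=4125 proto=tcp action=allow
2024-11-05T22:40:03Z src=10.0.5.23 dst=142.250.72.14 dport=443 proto=tcp action=allow
2024-11-05T22:41:10Z src=10.0.7.8 dst=77.91.124.145 dport=80 proto=tcp action=allow
2024-11-05T22:41:12Z src=10.0.7.9 dst=77.91.124.145 dport=4125 proto=tcp action=deny
"""

# Constructed EDR hash inventory rows: (host, path, algorithm, hexdigest).
SAMPLE_HASH_INVENTORY = [
    ("WS-023", r"C:\Users\alice\AppData\Local\Temp\setup.exe", "sha256",
     "97D2ABAAA698E8887AEBE2418D4FCA24F890E23D4225D8EB34CEDE131849AAA2"),
    ("WS-041", r"C:\Users\bob\Downloads\crack.exe", "md5",
     "81a33252d971c9412230a03775d26007"),
    ("WS-078", r"C:\Windows\System32\notepad.exe", "sha256",
     "0000000000000000000000000000000000000000000000000000000000000000"),
]

FwHit = namedtuple("FwHit", "ts src dst dport action confidence")
HashHit = namedtuple("HashHit", "host path algo")

FW_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)"
    r".*\baction=(?P<action>\w+)"
)


def scan_firewall_log(text):
    """Return one FwHit per connection to the C2 IP, allowed or denied.

    Exact IP:port matches are 'high' confidence; the same IP on another
    port is 'medium' so a port rotation is still surfaced for review.
    """
    hits = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m or m["dst"] != C2_IP:
            continue
        dport = int(m["dport"])
        confidence = "high" if dport == C2_PORT else "medium"
        hits.append(FwHit(m["ts"], m["src"], m["dst"], dport, m["action"], confidence))
    return hits


def scan_hash_inventory(rows):
    """Return a HashHit for every row whose digest equals the sample's.

    Comparison is case-insensitive because inventories mix hex casing.
    """
    wanted = {algo: digest.lower() for algo, digest in SAMPLE_HASHES.items()}
    hits = []
    for host, path, algo, digest in rows:
        if wanted.get(algo.lower()) == digest.lower():
            hits.append(HashHit(host, path, algo.lower()))
    return hits


def classify_auth_value(auth_value):
    """Map a RedLine auth_value pulled from memory or config to its botnet tag."""
    return AUTH_VALUE_TO_BOTNET.get(auth_value.lower())


if __name__ == "__main__":
    for hit in scan_firewall_log(SAMPLE_FW_LOG):
        print("C2 traffic:", hit)
    for hit in scan_hash_inventory(SAMPLE_HASH_INVENTORY):
        print("Sample on disk:", hit)
    print("auth_value bbab0d2f... belongs to botnet:",
          classify_auth_value("bbab0d2f0ae4d4fdd6b17077d93b3e80"))
```

The denied connection from WS 10.0.7.9 is still reported: a blocked beacon means the host already ran the sample and needs triage, not just a firewall rule.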

MITRE ATT&CK Enterprise v15

Tasks