General

  • Target

    0bb54f15c8ef5f28ee0543d657b411fbaed7008ee03c541dc05710480d403a65

  • Size

    660KB

  • Sample

    241105-fnthzavflg

  • MD5

    2eb9b78dbe383c6acdff8cd77c0ee0c9

  • SHA1

    4744498086c59d0c9b039e98fda09bd5b8302d13

  • SHA256

    0bb54f15c8ef5f28ee0543d657b411fbaed7008ee03c541dc05710480d403a65

  • SHA512

    dcded132a3a393f4b98b6121fd32885277c0d6f1164861d58c52383472efed59edbf60d7f92069569cd78118e4050314c4a76f3d053fd7dc7d8703c93ff5e72c

  • SSDEEP

    12288:5MrUy90ezu1rILxps729Re9acHT+Cn29hwTev8+51O+yOiCp6BeGAF6+auK:Ryz2rILfsaR2ackwg8+51O+yOiCkB0Fs

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dozt

C2

77.91.124.145:4125

Attributes
  • auth_value

857bdfe4fa14711025859d89f18b32cb
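Both extracted configs point at the same C2 endpoint under different botnet IDs, which is the usual shape of a RedLine build. The following is an added example (not code from the report or from the sandbox that produced it) that parses the "Extracted" blocks above into records, deduplicates the C2 endpoints, and checks them against connection-log rows. The config text is copied from the report; the log rows, IPs and timestamps are constructed for the example.

```python
"""Parse sandbox 'Extracted' config blocks and match C2 endpoints against a
connection log. Added example; config text from the report, log rows constructed."""
import csv
import io
from dataclasses import dataclass, field

# Input copied from the two Extracted blocks of this report.
EXTRACTED_TEXT = """
Extracted
Family
redline
Botnet
norm
C2
77.91.124.145:4125
Attributes
  • auth_value
1514e6c0ec3d10a36f68f61b206f5759

Extracted
Family
redline
Botnet
dozt
C2
77.91.124.145:4125
Attributes
  • auth_value
857bdfe4fa14711025859d89f18b32cb
"""

# Constructed connection log: ts, src_ip, src_port, dst_ip, dst_port, proto
CONN_LOG = """\
2024-11-05T08:12:01Z,10.0.0.23,51422,142.250.74.78,443,tcp
2024-11-05T08:12:04Z,10.0.0.23,51431,77.91.124.145,4125,tcp
2024-11-05T08:12:09Z,10.0.0.41,51002,77.91.124.145,443,tcp
2024-11-05T08:13:15Z,10.0.0.23,51440,77.91.124.145,4125,tcp
"""

@dataclass
class ExtractedConfig:
    family: str = ""
    botnet: str = ""
    c2: list = field(default_factory=list)        # [(host, port), ...]
    attributes: dict = field(default_factory=dict)

FIELDS = ("Family", "Botnet", "C2", "Attributes")

def parse_extracted(text):
    """One ExtractedConfig per 'Extracted' header. Layout assumed from the
    report: a field-name line is followed by its value line(s); under
    Attributes a bullet names the attribute and the next line is its value."""
    configs, current, key, attr = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if not line:
            continue
        if line == "Extracted":
            current = ExtractedConfig()
            configs.append(current)
            key = attr = None
        elif current is None:
            continue
        elif line in FIELDS:
            key, attr = line, None
        elif key == "Family":
            current.family = line
        elif key == "Botnet":
            current.botnet = line
        elif key == "C2":
            host, _, port = line.rpartition(":")
            current.c2.append((host, int(port)))
        elif key == "Attributes":
            if attr is None:
                attr = line              # bullet line names the attribute
            else:
                current.attributes[attr] = line
                attr = None
    return configs

def c2_endpoints(configs):
    """Unique (host, port) pairs; several botnet IDs often share one C2."""
    return sorted({ep for cfg in configs for ep in cfg.c2})

def find_c2_hits(conn_log, configs):
    """Split rows into exact host:port matches and host-only matches.
    The port belongs in the strong match: flagging the bare IP would also
    catch unrelated traffic to a host that serves other things."""
    endpoints = set(c2_endpoints(configs))
    hosts = {h for h, _ in endpoints}
    exact, host_only = [], []
    for ts, src, _sport, dst, dport, _proto in csv.reader(io.StringIO(conn_log)):
        row = (ts, src, dst, int(dport))
        if (dst, int(dport)) in endpoints:
            exact.append(row)
        elif dst in hosts:
            host_only.append(row)
    return exact, host_only
```

Running `find_c2_hits(CONN_LOG, parse_extracted(EXTRACTED_TEXT))` on the constructed log returns the two port-4125 connections as exact hits and the port-443 connection to the same host as a lower-confidence host-only match, which is the split a triage queue usually wants.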

Targets

    • Target

      0bb54f15c8ef5f28ee0543d657b411fbaed7008ee03c541dc05710480d403a65

    • Size

      660KB

    • MD5

      2eb9b78dbe383c6acdff8cd77c0ee0c9

    • SHA1

      4744498086c59d0c9b039e98fda09bd5b8302d13

    • SHA256

      0bb54f15c8ef5f28ee0543d657b411fbaed7008ee03c541dc05710480d403a65

    • SHA512

      dcded132a3a393f4b98b6121fd32885277c0d6f1164861d58c52383472efed59edbf60d7f92069569cd78118e4050314c4a76f3d053fd7dc7d8703c93ff5e72c

    • SSDEEP

      12288:5MrUy90ezu1rILxps729Re9acHT+Cn29hwTev8+51O+yOiCp6BeGAF6+auK:Ryz2rILfsaR2ackwg8+51O+yOiCkB0Fs

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
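Two of the behaviours in the list above, the Windows Defender Real-time Protection change and the Run key, are registry writes and so show up in Sysmon Event ID 13 (RegistryEvent SetValue) telemetry. The following is an added example, not code from the report or the sandbox, that classifies such events; the event records are constructed to resemble Sysmon fields, and the image paths and value names in them are invented for the example. The geofence check ("Checks computer location settings") is a registry read, which Sysmon does not record, so it is not covered here.

```python
"""Flag Sysmon EID 13 (SetValue) events for Defender RTP tampering and
Run-key persistence. Added example; events are constructed."""
import re

# Policy key whose Disable* DWORD values, when set to 1, switch off a
# Defender real-time protection component.
DEFENDER_RTP_KEY = r"\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)

# Constructed events (subset of Sysmon EID 13 fields); paths are invented.
EVENTS = [
    {"EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventType": "SetValue",
     "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\svc\updater.exe"},
    {"EventType": "SetValue",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventType": "SetValue",
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

def dword_value(details):
    """Parse Sysmon's 'DWORD (0x00000001)' rendering; None if not a DWORD."""
    m = re.fullmatch(r"DWORD \(0x([0-9A-Fa-f]{8})\)", details or "")
    return int(m.group(1), 16) if m else None

def classify(event):
    """Return (rule_name, severity) for one SetValue event, or None."""
    if event.get("EventType") != "SetValue":
        return None
    target = event["TargetObject"]
    key, _, value_name = target.rpartition("\\")
    if key.lower().endswith(DEFENDER_RTP_KEY.lower()) and value_name in DEFENDER_DISABLE_VALUES:
        # Only a write of 1 disables the component; a write of 0 re-enables it.
        if dword_value(event.get("Details")) == 1:
            return ("defender_rtp_disabled", "high")
        return None
    if RUN_KEY_RE.search(target):
        # Persistence pointing into a user-writable directory is the stronger signal.
        sev = "high" if USER_WRITABLE_RE.search(event.get("Details", "")) else "low"
        return ("run_key_persistence", sev)
    return None

def scan(events):
    """(Image, rule_name, severity) for every event a rule fires on."""
    return [(e["Image"], *hit) for e in events if (hit := classify(e))]
```

On the constructed events, `scan(EVENTS)` flags the DWORD=1 write as a high-severity Defender tamper, the HKCU Run value pointing into AppData as high-severity persistence, and the vendor Run value under Program Files as low severity; the DWORD=0 write is not flagged, which keeps a policy restore or a GPO refresh out of the alert queue.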

MITRE ATT&CK Enterprise v15

Tasks