General

  • Target

    333146b545bf4348bcfa1a1cc45fab6a8387d1f4199faa0369b33fd8185dd265

  • Size

    731KB

  • Sample

    241105-gna73aylcp

  • MD5

    46f8111d0d1bd5ad703d6a6648b7536c

  • SHA1

    db1a39b50bc4cd11f030752480a89fa6a491fa0d

  • SHA256

    333146b545bf4348bcfa1a1cc45fab6a8387d1f4199faa0369b33fd8185dd265

  • SHA512

    d526caaea1c9c69f24ea5d8a08a975d52e09ad8be31861d1e9cf7609918d5a8b9cc91998a6fdd9cc4c7a61626ccd61b7b26bff37fbee01b293da81c812d6fddb

  • SSDEEP

    12288:RMrfy90DXwCpdetvNA0WBjpga1Y6yBBWJUdB+N57DHtcmrYD2+z48KSHj:WygXwCpd4FMgaVM8UB+7DNcgYD22lRHj

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks