General

  • Target

    a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1

  • Size

    660KB

  • Sample

    241105-svdgjssqfw

  • MD5

    af54cbea93296b812b5c253e27b48b07

  • SHA1

    adad655cde21c1c4b0a88ea5bc44ee3315215d04

  • SHA256

    a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1

  • SHA512

    33550fb0eb06e8b91295b8a8d4c2e7b3ba6032d4b6fa130699bb3b4acf2c1f76c3e6d750828e73114b7e4caa8426ceb7c0b15fa5bb44399ed89e8e4e4e7cc1b7

  • SSDEEP

    12288:PMruy90z9pUH/OBqM5FnE+8JEST8pxc+pnIVbSxzhMnCbY03Ghc:5yIpe/WqM5a+8JEST8KbSPWCN3Uc

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dozt

C2

77.91.124.145:4125

Attributes
  • auth_value

    857bdfe4fa14711025859d89f18b32cb

Targets

    • Target

      a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1

    • Size

      660KB

    • MD5

      af54cbea93296b812b5c253e27b48b07

    • SHA1

      adad655cde21c1c4b0a88ea5bc44ee3315215d04

    • SHA256

      a471a6b3d43f81c6f9787f45d9b665559f817eb5f7a7f43403fd0623b4b14bc1

    • SHA512

      33550fb0eb06e8b91295b8a8d4c2e7b3ba6032d4b6fa130699bb3b4acf2c1f76c3e6d750828e73114b7e4caa8426ceb7c0b15fa5bb44399ed89e8e4e4e7cc1b7

    • SSDEEP

      12288:PMruy90z9pUH/OBqM5FnE+8JEST8pxc+pnIVbSxzhMnCbY03Ghc:5yIpe/WqM5a+8JEST8KbSPWCN3Uc

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks