General

  • Target

    b3b63daac57d6d35ce6772f70c1ea912536579f8fca66fb8d5b70a493f711f51

  • Size

    940KB

  • Sample

    241106-nq66vazekp

  • MD5

    fe56dd855920dd52cc5ebe331ea80b3c

  • SHA1

    2e10ed3c641152d3c6e2c226be295e46083bee13

  • SHA256

    b3b63daac57d6d35ce6772f70c1ea912536579f8fca66fb8d5b70a493f711f51

  • SHA512

    90379cf3bd73f13957a64ab12e7a78e680f03f0ece6cc9dcfb75801f0b4bb71d06a3ad7a7804faf16a650f147824258a7391cd5a4ef3db71e673a5044962f05d

  • SSDEEP

    24576:3y5Is77op/oWzk3UL0Z09qzQdgZPKC5R:C5IsPopg+SUhczRPKC

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diro

C2

185.161.248.90:4125

Attributes
  • auth_value

    ae95bda0dd2e95169886a3a68138568b

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks