General

  • Target

    dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267

  • Size

    1.1MB

  • Sample

    241106-y8akpsxgnm

  • MD5

    f6da6da3867f998ae4d9fdc3e92554d0

  • SHA1

    c4c897ac588ced33fefb721432ef39013aede484

  • SHA256

    dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267

  • SHA512

    3d889f4a5a5217de2c9eb0db9e93f3544b22f80ee91f9469a69f2f65e8e86f74f50d7b195f7e0aad3664d58a7f37d6748b9b5f361a908baa662dca18eb1df98d

  • SSDEEP

    24576:hyG7SzG1vIRLANuN85jUO9/Y7yeKpPi56v1J1ibRO1CM2b2P:UG+ov4LzyDEyeui5cJMbR6H2

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

lore

C2

185.161.248.90:4125

Attributes
  • auth_value

    523d51bd3c39801fa0405f4fb03df3c4

Targets

    • Target

      dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267

    • Size

      1.1MB

    • MD5

      f6da6da3867f998ae4d9fdc3e92554d0

    • SHA1

      c4c897ac588ced33fefb721432ef39013aede484

    • SHA256

      dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267

    • SHA512

      3d889f4a5a5217de2c9eb0db9e93f3544b22f80ee91f9469a69f2f65e8e86f74f50d7b195f7e0aad3664d58a7f37d6748b9b5f361a908baa662dca18eb1df98d

    • SSDEEP

      24576:hyG7SzG1vIRLANuN85jUO9/Y7yeKpPi56v1J1ibRO1CM2b2P:UG+ov4LzyDEyeui5cJMbR6H2

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
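The behaviour signatures above (Defender real-time protection tampering, Run-key persistence, the country-code lookup, execution of a dropped EXE) and the C2 address from the extracted RedLine config can be turned into hunting rules over a behaviour trace. The script below is an added example, not code from the sandbox or from this report: the event format is a constructed, simplified API-trace layout, the registry paths and Defender value names are assumptions about what the signatures match on (modelled on the usual Healer tampering of the Real-Time Protection policy key), and the trace itself is fabricated to exercise the rules. The C2 endpoint, the sample SHA256 and the signature names are taken from the report.

```python
"""Hunting rules for the behaviours in this report, run over a constructed trace.

Added example; the event layout, registry paths and Defender value names are
assumptions. Only the C2, the SHA256 and the signature names come from the report.
"""
from dataclasses import dataclass

# Indicators copied from the report above.
C2_HOST, C2_PORT = "185.161.248.90", 4125
SAMPLE_SHA256 = "dacab6bf94a694ffb32d927da19eaa65a9417cf3af6c51dd7e9bcc9195480267"

# Assumed registry locations behind the behaviour signatures.
DEFENDER_RT_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RT_VALUES = {"DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
                      "DisableOnAccessProtection", "DisableIOAVProtection",
                      "DisableScanOnRealtimeEnable"}
RUN_KEYS = (r"\Microsoft\Windows\CurrentVersion\Run",
            r"\Microsoft\Windows\CurrentVersion\RunOnce")
GEO_NATION_KEY = r"HKCU\Control Panel\International\Geo\Nation"  # assumed: country code location


@dataclass
class Event:
    """One simplified behaviour-trace record (constructed format, not a real sandbox schema)."""
    idx: int
    kind: str          # registry_set | registry_query | network_connect | file_write | process_create
    pid: int
    key: str = ""      # registry key for registry_* events
    value: str = ""    # registry value name
    data: str = ""     # registry data as a string
    dst: str = ""      # "ip:port" for network_connect
    path: str = ""     # file path (file_write) or image path (process_create)
    sha256: str = ""   # image hash for process_create, when known


# Constructed trace: one stealer run that drops and launches a second stage.
TRACE = [
    Event(0, "process_create", 1000, path=r"C:\Users\user\Desktop\sample.exe", sha256=SAMPLE_SHA256),
    Event(1, "registry_query", 1000, key=GEO_NATION_KEY),
    Event(2, "file_write", 1000, path=r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event(3, "process_create", 1012, path=r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event(4, "registry_set", 1012, key=DEFENDER_RT_KEY, value="DisableRealtimeMonitoring", data="1"),
    Event(5, "registry_set", 1012, key=DEFENDER_RT_KEY, value="DisableBehaviorMonitoring", data="1"),
    Event(6, "registry_set", 1000, key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
          value="Updater", data=r"C:\Users\user\AppData\Local\Temp\stage2.exe"),
    Event(7, "network_connect", 1000, dst=f"{C2_HOST}:{C2_PORT}"),
    # Noise that must not fire any rule.
    Event(8, "network_connect", 1000, dst="52.0.0.1:443"),
    Event(9, "registry_set", 1000, key=r"HKCU\Software\Classes\Local Settings\MuiCache",
          value="x", data="y"),
]


def rule_defender_tamper(trace):
    """Modifies Windows Defender Real-time Protection settings: Disable* policy set to 1."""
    return [e.idx for e in trace if e.kind == "registry_set"
            and e.key.lower() == DEFENDER_RT_KEY.lower()
            and e.value in DEFENDER_RT_VALUES and e.data == "1"]


def rule_run_key(trace):
    """Adds Run key to start application: any value written under Run/RunOnce."""
    return [e.idx for e in trace if e.kind == "registry_set"
            and any(e.key.lower().endswith(k.lower()) for k in RUN_KEYS)]


def rule_geofence(trace):
    """Checks computer location settings: reads the configured country code."""
    return [e.idx for e in trace if e.kind == "registry_query"
            and e.key.lower() == GEO_NATION_KEY.lower()]


def rule_c2(trace):
    """Outbound connection to the RedLine C2 from the extracted config."""
    return [e.idx for e in trace if e.kind == "network_connect"
            and e.dst == f"{C2_HOST}:{C2_PORT}"]


def rule_dropped_exe(trace):
    """Executes dropped EXE: a process image that an earlier file_write created."""
    written, hits = set(), []
    for e in sorted(trace, key=lambda ev: ev.idx):
        if e.kind == "file_write":
            written.add(e.path.lower())
        elif e.kind == "process_create" and e.path.lower() in written:
            hits.append(e.idx)
    return hits


def rule_known_hash(trace):
    """Known sample: process image hash equals the report's SHA256."""
    return [e.idx for e in trace if e.kind == "process_create" and e.sha256 == SAMPLE_SHA256]


RULES = {
    "Modifies Windows Defender Real-time Protection settings": rule_defender_tamper,
    "Adds Run key to start application": rule_run_key,
    "Checks computer location settings": rule_geofence,
    "RedLine C2 contact": rule_c2,
    "Executes dropped EXE": rule_dropped_exe,
    "Known sample hash": rule_known_hash,
}


def evaluate(trace):
    """Return {signature name: [matching event indices]} for every rule that fired."""
    return {name: hits for name, fn in RULES.items() if (hits := fn(trace))}


if __name__ == "__main__":
    for name, hits in evaluate(TRACE).items():
        print(f"[+] {name}: events {hits}")
```

The dropped-EXE rule keeps state across the trace (file written, then executed), which is why it sorts by index; the other rules are stateless per event. The Run-key rule fires on any write, so on real telemetry it needs a baseline of legitimate autostart entries before it is useful as an alert.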

MITRE ATT&CK Enterprise v15

Tasks