General

  • Target

    63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637

  • Size

    851KB

  • Sample

    241107-3y5ejszmds

  • MD5

    05555887bfadbeb4c0fdda7be1a9d8d4

  • SHA1

    568dc64195843eab4a7da2297f269a7f316b0370

  • SHA256

    63a881cfffbba30e32557da65b7820cda3d272748a9e0e0908d905f002106637

  • SHA512

    2608c2c2f4ea1d7eefc7482ac41ba227c6940fbaba2f81aa514dd27ae49d2e13e2a1580b6ac0f207b98f50fb734e756e2984e7ae89ece6233b402a3f18ecb025

  • SSDEEP

    12288:yMrBy901aIaUaMkTrcdwMDEH2/ecVE6EWT035BpydVg2orbOzB2Q:vyABanMkfpMEhO2WCp+epO8Q

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes

  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diza

C2

185.161.248.90:4125

Attributes

  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks