General

  • Target

    5391c69fee5a66b61039d45b6f449492bf246458c3ab873c9df398ec4e9706f5

  • Size

    731KB

  • Sample

    241107-ax6xrs1glg

  • MD5

    d6af21dd1c6c93c3fa3e0a3acb5b4c4e

  • SHA1

    b09bea24cc2d268dabb28069af45e8b780dd382e

  • SHA256

    5391c69fee5a66b61039d45b6f449492bf246458c3ab873c9df398ec4e9706f5

  • SHA512

    fa848ebe4f66df828916aba1fc52b910ffadfbb0c5b131a5436a02b95bae33de0f48bd79d8b34aa5641626b7cdf006dc55bd67f5b666e38b0d15b60bff2a477a

  • SSDEEP

    12288:JMr4y90Q1xxK94uxnpheYx94D9bWOdCW6W/GzX01ert8FQt+rVK3E:lyrZA7BkD1n6CGA1kGQt+M3E

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      5391c69fee5a66b61039d45b6f449492bf246458c3ab873c9df398ec4e9706f5


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks