General

  • Target

    095f81af3a0a21f1ad8ba414019cc09625bb0b9603fcb9e56dd1cd1abe7352be

  • Size

    961KB

  • Sample

    241107-m2dg8s1cpd

  • MD5

    3d6c04ca281b84f3ca5c7d6216892ad7

  • SHA1

    cd6c97aaf47fa767fda6761563647b9a57fbf4d6

  • SHA256

    095f81af3a0a21f1ad8ba414019cc09625bb0b9603fcb9e56dd1cd1abe7352be

  • SHA512

    04744a682043ac56362c5e94ff8f7a85f9ea4ce0b06622878e61fa52e338dff52bfdfc8a28aeabea1f7178350e31b8be2cfb9a304f25c2ee9115dab05b645b30

  • SSDEEP

    24576:PyI1jFnQ5XrPUjfX6BaS3wZ3QLvpWEGOVfL:aI1hQlrPe6fwZQLxKO

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes

  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diro

C2

185.161.248.90:4125

Attributes

  • auth_value

    ae95bda0dd2e95169886a3a68138568b

Targets

    • Target

      095f81af3a0a21f1ad8ba414019cc09625bb0b9603fcb9e56dd1cd1abe7352be

    • Size

      961KB

    • MD5

      3d6c04ca281b84f3ca5c7d6216892ad7

    • SHA1

      cd6c97aaf47fa767fda6761563647b9a57fbf4d6

    • SHA256

      095f81af3a0a21f1ad8ba414019cc09625bb0b9603fcb9e56dd1cd1abe7352be

    • SHA512

      04744a682043ac56362c5e94ff8f7a85f9ea4ce0b06622878e61fa52e338dff52bfdfc8a28aeabea1f7178350e31b8be2cfb9a304f25c2ee9115dab05b645b30

    • SSDEEP

      24576:PyI1jFnQ5XrPUjfX6BaS3wZ3QLvpWEGOVfL:aI1hQlrPe6fwZQLxKO

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks