General

  • Target

    f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459

  • Size

    1.0MB

  • Sample

    241107-qezzhasglh

  • MD5

    648bbdc10392bfaf81a5a406c7b79adf

  • SHA1

    300e02fddcd88b48e551eaec6480339095c8d30a

  • SHA256

    f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459

  • SHA512

    3ffb4cfd4dc2e3dd25b933008fc3f1d1b9370164857c37366f2c1cffb157f64b7d685998ba1f2cd44662eb08bfcfd643872cf27080b7c7ae5742a7b1194ec19d

  • SSDEEP

    12288:qMray90ygSLz8DntVkCUMaS9MfeIRHQNQ129xPaPgt1hiC9gysZ5SZRybQW7bPm0:0y/z8DtXU6Mf3yh31R9gxAkrjOXr7S

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

disa

C2

185.161.248.90:4125

Attributes
  • auth_value

    93f8c4ca7000e3381dd4b6b86434de05
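
Both extracted builds ("lada" and "disa") share one C2 endpoint, and the General section gives the dropper's file hashes; together they are the indicators an analyst would push to network and endpoint telemetry. The Python below is an added example, not part of the sandbox report or of the sample, that matches those indicators against constructed firewall and EDR log lines. The log formats, hostnames, internal IPs and timestamps are assumptions made for the example. An exact ip:port match is reported as the C2; traffic to the same IP on another port is reported at low confidence, since the host is worth reviewing even when the port differs from the extracted config.

```python
"""Match the indicators extracted from the sample against log lines."""
import re
from dataclasses import dataclass

# Indicators copied from the report: the C2 shared by the "lada" and "disa"
# builds, and the dropper's file hashes.
C2_ENDPOINTS = {("185.161.248.90", 4125)}
C2_HOSTS = {ip for ip, _ in C2_ENDPOINTS}
SAMPLE_HASHES = {
    "md5": "648bbdc10392bfaf81a5a406c7b79adf",
    "sha1": "300e02fddcd88b48e551eaec6480339095c8d30a",
    "sha256": "f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459",
}

# Constructed firewall log (not from the report). The line format is an
# assumption: "<ts> src=<ip>:<port> dst=<ip>:<port> proto=<p> action=<a>".
FIREWALL_LOG = """\
2024-11-07T10:01:12Z src=10.0.0.15:51321 dst=142.250.74.110:443 proto=tcp action=allow
2024-11-07T10:01:19Z src=10.0.0.15:51322 dst=185.161.248.90:4125 proto=tcp action=allow
2024-11-07T10:02:03Z src=10.0.0.22:49872 dst=185.161.248.90:443 proto=tcp action=allow
2024-11-07T10:02:44Z src=10.0.0.15:51330 dst=185.161.248.90:4125 proto=tcp action=deny
"""

# Constructed EDR process-start log (not from the report). Format assumption:
# "<ts> host=<name> image=<path> sha256=<hex>". The first hash is the sample's
# SHA-256 in upper case, to show that matching is case-insensitive.
EDR_LOG = r"""2024-11-07T09:59:58Z host=WS-015 image=C:\Users\a\AppData\Local\Temp\setup.exe sha256=F214C6B281D57380A86BD0F6D1EDE273BB840616F241D6295A83145EFA3AC459
2024-11-07T10:00:05Z host=WS-022 image=C:\Windows\System32\svchost.exe sha256=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""

FW_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<sip>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dip>[\d.]+):(?P<dport>\d+) proto=\S+ action=(?P<action>\w+)$"
)
EDR_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) image=(?P<image>.+?) sha256=(?P<sha256>[0-9A-Fa-f]{64})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    subject: str     # source IP or hostname the hit is attributed to
    indicator: str   # which indicator matched (ip:port, ip, or hash algorithm)
    confidence: str  # "high" for an exact match, "low" for a same-host match
    note: str


def lookup_hash(value):
    """Return the algorithm name if value is one of the sample's hashes, else None."""
    v = value.strip().lower()
    for algo, known in SAMPLE_HASHES.items():
        if v == known:
            return algo
    return None


def match_c2(log_text):
    """Flag connections to the extracted C2.

    An exact ip:port match is high confidence. The same IP on another port is
    reported at low confidence so the host still gets reviewed. Denied
    connections are kept: the attempt itself points at an infected client.
    """
    hits = []
    for line in log_text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ip, port = m["dip"], int(m["dport"])
        if (ip, port) in C2_ENDPOINTS:
            hits.append(Hit(m["ts"], m["sip"], f"{ip}:{port}", "high", f"action={m['action']}"))
        elif ip in C2_HOSTS:
            hits.append(Hit(m["ts"], m["sip"], ip, "low", f"port={port} action={m['action']}"))
    return hits


def match_hashes(log_text):
    """Flag process starts whose SHA-256 is the dropper's."""
    hits = []
    for line in log_text.splitlines():
        m = EDR_RE.match(line)
        if not m:
            continue
        algo = lookup_hash(m["sha256"])
        if algo:
            hits.append(Hit(m["ts"], m["host"], algo, "high", m["image"]))
    return hits


if __name__ == "__main__":
    for hit in match_c2(FIREWALL_LOG) + match_hashes(EDR_LOG):
        print(hit)
```

Over the constructed logs this yields two high-confidence C2 hits from 10.0.0.15 (one allowed, one denied), one low-confidence hit from 10.0.0.22 to the same host on port 443, and one hash hit on WS-015. The SSDEEP value in the report is not used here: fuzzy-hash comparison needs the ssdeep library and a candidate file, not a log line.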

Targets

    • Target

      f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459

    • Size

      1.0MB

    • MD5

      648bbdc10392bfaf81a5a406c7b79adf

    • SHA1

      300e02fddcd88b48e551eaec6480339095c8d30a

    • SHA256

      f214c6b281d57380a86bd0f6d1ede273bb840616f241d6295a83145efa3ac459

    • SHA512

      3ffb4cfd4dc2e3dd25b933008fc3f1d1b9370164857c37366f2c1cffb157f64b7d685998ba1f2cd44662eb08bfcfd643872cf27080b7c7ae5742a7b1194ec19d

    • SSDEEP

      12288:qMray90ygSLz8DntVkCUMaS9MfeIRHQNQ129xPaPgt1hiC9gysZ5SZRybQW7bPm0:0y/z8DtXU6Mf3yh31R9gxAkrjOXr7S

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
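
Two of the behaviours listed above, the Windows Defender real-time protection change and the Run key persistence, are registry value writes, which Sysmon records as Event ID 13. The Python below is an added example, not part of the report, that runs those two checks over a constructed set of Sysmon Event ID 13 records; the image paths, user SID and Run value names in the sample events are made up. The Defender value names are the documented policy settings under HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection. The "Checks computer location settings" behaviour is a registry read, which Sysmon does not log, so it is not covered here.

```python
"""Flag Defender real-time protection tampering and Run key persistence
from Sysmon Event ID 13 (registry value set) records."""
import re

# Windows Defender policy values that disable parts of real-time protection.
# A value of 1 under the Real-Time Protection policy key turns the feature off.
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
    "DisableIOAVProtection",
}
RTP_KEY_RE = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\(?P<value>[^\\]+)$", re.I
)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\(?P<value>[^\\]+)$", re.I
)
# Directories a freshly dropped executable is typically run from (assumption
# used to rank Run key writes, not a complete list).
DROP_DIR_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\", re.I
)
DWORD_RE = re.compile(r"DWORD \(0x(?P<hex>[0-9A-Fa-f]{8})\)")

# Constructed Sysmon Event ID 13 records (field names follow Sysmon's schema,
# the values are made up for this example).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\AUState",
     "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "Image": r"C:\Users\a\AppData\Local\Temp\IXP000.TMP\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\a\AppData\Local\Temp\IXP000.TMP\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\a\AppData\Roaming\stealer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\a\AppData\Roaming\stealer.exe"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13, "Image": r"C:\Users\a\AppData\Local\Temp\IXP000.TMP\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},  # value 0 re-enables; not tampering
]


def detect(events):
    """Return a list of findings, each {rule, value, image, severity}."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target, details, image = ev["TargetObject"], ev["Details"], ev["Image"]

        m = RTP_KEY_RE.search(target)
        if m and m["value"] in DEFENDER_RTP_VALUES:
            d = DWORD_RE.fullmatch(details)
            # Only a value of 1 disables the feature; anything else is ignored.
            if d and int(d["hex"], 16) == 1:
                findings.append({"rule": "defender_rtp_disabled", "value": m["value"],
                                 "image": image, "severity": "high"})
            continue

        m = RUN_KEY_RE.search(target)
        if m:
            # A Run entry written by, or pointing at, a binary in a drop
            # directory is the pattern of a dropped EXE persisting itself.
            dropped = bool(DROP_DIR_RE.search(image) or DROP_DIR_RE.search(details))
            findings.append({"rule": "run_key_added", "value": m["value"],
                             "image": image, "severity": "high" if dropped else "info"})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f)
```

On the constructed events this reports the two Defender policy writes and both Run key writes, with the installer's Run entry under Program Files ranked "info" and the AppData one "high"; the write that sets DisableRealtimeMonitoring back to 0 is not reported. In production the same logic would be fed from the Sysmon event log rather than an in-memory list.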

MITRE ATT&CK Enterprise v15

Tasks