General

  • Target

    8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e

  • Size

    1.0MB

  • Sample

    241107-vjmbesymfk

  • MD5

    0e524cffed5aa40e4d1b0f42c849090a

  • SHA1

    46b22818621ea3e4966f2927289536221c31f9fa

  • SHA256

    8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e

  • SHA512

    bc1742e07cea981f3e6dd0ffcb372a8a41cf400b1255cf19500cb3cebc239db62f8295254f37bdbffb368536b001e0f6ca7df22077d5632b59ea587d977fda41

  • SSDEEP

    24576:gyhXn8r6izByU1Lo1g9SNnEnyaoJjHzhWio+j/:nhMr6idl1Lo1UgnERopHAG

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

disa

C2

185.161.248.90:4125

Attributes
  • auth_value

    93f8c4ca7000e3381dd4b6b86434de05

Targets

    • Target

      8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e

    • Size

      1.0MB

    • MD5

      0e524cffed5aa40e4d1b0f42c849090a

    • SHA1

      46b22818621ea3e4966f2927289536221c31f9fa

    • SHA256

      8639290f882a6c30552c7d9b49c19dee6fb1c43b06957c7ea363ce01b99aac6e

    • SHA512

      bc1742e07cea981f3e6dd0ffcb372a8a41cf400b1255cf19500cb3cebc239db62f8295254f37bdbffb368536b001e0f6ca7df22077d5632b59ea587d977fda41

    • SSDEEP

      24576:gyhXn8r6izByU1Lo1g9SNnEnyaoJjHzhWio+j/:nhMr6idl1Lo1UgnERopHAG

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks