General

  • Target: 1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053
  • Size: 808KB
  • Sample: 241108-cjdeeasjfv
  • MD5: 2ed469edbf161a338f5b0d82e9f1dd08
  • SHA1: e6560273952948d825e73501ed04d6e9dce6b892
  • SHA256: 1d5db930484f21868670beb24dd3fa9a12f9ebc4fd9869c7054292599e604053
  • SHA512: 787f15e126242b25bd7f389a0c0e82515255e6e057623c28a5a8fde9fbae325d90a36abce08c46e32ea97a8f505ea2bacc056dea53192d9426516927301c32c8
  • SSDEEP: 12288:qMrYy90defWz605p4783PMtr+S0j8PX2rFaUEyvI30QcL9YXCp7GS8N:Wyq60r8r++HUEyvI30QA9Tzm

Malware Config

Extracted

  • Family: redline
  • Botnet: lada
  • C2: 185.161.248.90:4125
  • Attributes
    • auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 185.161.248.90:4125
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks