General

  • Target

    90041d5dccef526cffda92ab2364503adca65193600d95531dbba7b6f26b0409

  • Size

    732KB

  • Sample

    241108-twnjksvhnr

  • MD5

    19193e6c37eb7ae482d6d92906a0015c

  • SHA1

    ef5c61d13b60e20bd80a0bcbb789524674abe2b7

  • SHA256

    90041d5dccef526cffda92ab2364503adca65193600d95531dbba7b6f26b0409

  • SHA512

    a9d68b76eb8f4e2b9232e0115037deac782ee74b4e5f5b0c977913ce8032df29062ef02bb48fdcdb326f7e0d0f954c5e40a376ced95a0cf743ac759c6cf62c61

  • SSDEEP

    12288:aMrhy90rtCKNOu2YeZqGm9S2VbN5B6U3Q858HkXMnOJxDwn5LzyuQ9LprT:3ySsuOu2M/53Qaq+zUn1zXUV

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      90041d5dccef526cffda92ab2364503adca65193600d95531dbba7b6f26b0409

    • Size

      732KB

    • MD5

      19193e6c37eb7ae482d6d92906a0015c

    • SHA1

      ef5c61d13b60e20bd80a0bcbb789524674abe2b7

    • SHA256

      90041d5dccef526cffda92ab2364503adca65193600d95531dbba7b6f26b0409

    • SHA512

      a9d68b76eb8f4e2b9232e0115037deac782ee74b4e5f5b0c977913ce8032df29062ef02bb48fdcdb326f7e0d0f954c5e40a376ced95a0cf743ac759c6cf62c61

    • SSDEEP

      12288:aMrhy90rtCKNOu2YeZqGm9S2VbN5B6U3Q858HkXMnOJxDwn5LzyuQ9LprT:3ySsuOu2M/53Qaq+zUn1zXUV

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks