General

  • Target

    37167824162b4451c383ae318749bd89d08baad4e1dbf5c5a1c184de86716985

  • Size

    731KB

  • Sample

    241108-zemhva1rgm

  • MD5

    c5748166a76329da55d2d6b77efee34f

  • SHA1

    8f01c4769391a13262551a2ad702a4759493ed70

  • SHA256

    37167824162b4451c383ae318749bd89d08baad4e1dbf5c5a1c184de86716985

  • SHA512

    e65f2a24c748ac4aa1d1fcd27282fe42b82f06bb290f1ee054ec6a0c8d915b83148b6467eb247b20ed34334f66fc606227b301965664631353cadb94cfc409dd

  • SSDEEP

    12288:MMrEy9099ZI2/ZQEwW+v5PpXxZf3Mv49wHA/wYrw/jNmzjJ9QKzPZiJU8VE94a/U:Iy6IWZHwW+BpXxt8vJHLQPJ9XutVza/U

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mars

  • C2

    83.97.73.127:19045

  • Attributes

    auth_value: 91bd3682cfb50cdc64b6009eb977b766

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext