General

  • Target

    3d96d97cf6b1c501716fe384a4cc235ea5d790ee05f1cb47a567c5f4112017bc

  • Size

    653KB

  • Sample

    241109-edefmawmev

  • MD5

    e783473404f549371250a347492d6b36

  • SHA1

    c569070938159171abd8b0979d46b0353e3f94fb

  • SHA256

    3d96d97cf6b1c501716fe384a4cc235ea5d790ee05f1cb47a567c5f4112017bc

  • SHA512

    87bf25315af8da96bf1c98b65a144df096e8ac4768cb865daa263cc067e22dda004ef3fcb09b21cfdda0502b0957d10095233660d66c20311f1976eab1124c7c

  • SSDEEP

    12288:DMrBy90hG1RmblqhiDhas+pG7yU7qhm/ZtlcJWUPG:SyXKcyas+pGTgmBIo

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

diza

C2

77.91.124.145:4125

Attributes
  • auth_value

    bbab0d2f0ae4d4fdd6b17077d93b3e80

Targets

    • Target

      3d96d97cf6b1c501716fe384a4cc235ea5d790ee05f1cb47a567c5f4112017bc

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15