General

  • Target

    cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00

  • Size

    753KB

  • Sample

    241109-emq6saxcpd

  • MD5

    fb13647bcaacbb515e3f0c7218fb16b9

  • SHA1

    d6b8f74f0ba81454823940d871d7b65a3c05225a

  • SHA256

    cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00

  • SHA512

    9ee3719f85163dce4e4cd0822ad990dca3c0b84bcc5bfba55e888b81053afa330008cd826eb1ad21c23dea3052510923ea4860d938ee59a83f61e5d0762a1368

  • SSDEEP

    12288:cMroy90CAO6RyT+eQRlPyF0ROPd/x9jg7uNdDfeHyS6SRSzSnOjYp0HOOxgACO1:kyjletZqZjg6D2Hytg6SnOUpPdAN1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    mars

  • C2

    83.97.73.127:19045

Attributes
  • auth_value

    91bd3682cfb50cdc64b6009eb977b766

Targets

    • Target

      cffe3194f3b9984832d5ed92f88f9073548f94ee45f07b189c8f073074f8bb00

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks