General

  • Target

    f61086c2593b9d2f91ce23c3f15ec527e148d322b246dc43e489d88e9de20280

  • Size

    1.0MB

  • Sample

    241109-f3wlwaydmc

  • MD5

    856f9acc3d79bfe559539d41759e9f84

  • SHA1

    e52a839430be436ad0ee95b2f8ace4831cd94f93

  • SHA256

    f61086c2593b9d2f91ce23c3f15ec527e148d322b246dc43e489d88e9de20280

  • SHA512

    964046eb36dbeffa2705fc0fb4a8b04f8120aaf498e4439ba56126f530dfa5b68ce63f853b5b502778c98d2f75e0eff2eb426805a344747fd037ab34470f4af8

  • SSDEEP

    24576:py96odqxz5/BW4qrx0s0beSCYs7v9TwCXFE8yG691Zc:c9GQ1rv0beSFsTCCXFlyG69/

Malware Config

Extracted

  • Family

    redline

  • Botnet

    norm

  • C2

    77.91.124.145:4125

  • Attributes

    auth_value: 1514e6c0ec3d10a36f68f61b206f5759

Extracted

  • Family

    redline

  • Botnet

    dizon

  • C2

    77.91.124.145:4125

  • Attributes

    auth_value: 047038ed6238aaee09c368831591e935

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks