General

  • Target

    ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2

  • Size

    926KB

  • Sample

    241109-f4rz3sydpb

  • MD5

    1abf7a59b232db7fd13da75c7a03984b

  • SHA1

    b57c582cbb06bb48a862235146887577ff67b9fd

  • SHA256

    ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2

  • SHA512

    1438f2bfa2452f43fead7591cb2ffb0554bd1faea71749726d817edb15c3141aafb72b8e35f3399e0d4d00073a9214053fb9191fc98db29e5723c1a147f17476

  • SSDEEP

    24576:byylyMZxt8Ylj5e2ktZLjKalr8qfMCVNr+w:O2e2gvKalrNXNr+

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dezik

C2

77.91.124.145:4125

Attributes

  • auth_value

    afab3a79f84bd5003ef2824211bcf14e

Targets

    • Target

      ef049689f669217e6b30dc5039dc4b7c8bec08159baaeadc71a23f202b7b1de2

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
