General

  • Target

    96f270fcf9c22d1df331e9f459ea5262964841786bb25aa7fd111885998347e9

  • Size

    923KB

  • Sample

    241109-fvsj9a1mcr

  • MD5

    ce1b323889e147d55b52560df82a8590

  • SHA1

    179ea2a6a6ef4a7dd1f86c9a6ce2da63862aebc2

  • SHA256

    96f270fcf9c22d1df331e9f459ea5262964841786bb25aa7fd111885998347e9

  • SHA512

    5f6aec0ce25affab4d96d214111c856e19ea420d6f827e6a1fd415e037a2fe7bfdded7ebabdea2032cac93c3a6b20adb56f4eb9d5f08d28110a8c9fc2089f9b8

  • SSDEEP

    24576:IyFFoz7u17SvbRJ41a4GvUIjLALgrh+u+nOoGikc:PgIo4EJFwgr4u+nOB

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dezik

C2

77.91.124.145:4125

Attributes
  • auth_value

    afab3a79f84bd5003ef2824211bcf14e

Targets

    • Target

      96f270fcf9c22d1df331e9f459ea5262964841786bb25aa7fd111885998347e9

    • Size

      923KB

    • MD5

      ce1b323889e147d55b52560df82a8590

    • SHA1

      179ea2a6a6ef4a7dd1f86c9a6ce2da63862aebc2

    • SHA256

      96f270fcf9c22d1df331e9f459ea5262964841786bb25aa7fd111885998347e9

    • SHA512

      5f6aec0ce25affab4d96d214111c856e19ea420d6f827e6a1fd415e037a2fe7bfdded7ebabdea2032cac93c3a6b20adb56f4eb9d5f08d28110a8c9fc2089f9b8

    • SSDEEP

      24576:IyFFoz7u17SvbRJ41a4GvUIjLALgrh+u+nOoGikc:PgIo4EJFwgr4u+nOB

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks