General

  • Target

    0f9ce4675721da5030a4722de61e5385c982545be00f94e319beeede0aabde47

  • Size

    653KB

  • Sample

    241109-fyj3aa1mhm

  • MD5

    036ad80b18706b0e5f179ffe4dbab425

  • SHA1

    0d8dd3b9fdbf50d61c803a360932b1d3a8177e6c

  • SHA256

    0f9ce4675721da5030a4722de61e5385c982545be00f94e319beeede0aabde47

  • SHA512

    9c179b8e63ae5fd1c4780ac6cd698a6ff1e9b50aaf7168dbed0775bc0665bc9417aaf53c4b52794475bf1e438761e73eefb89afd10312533266fd78bf55fdd99

  • SSDEEP

    12288:EMrmy90g780S5OoLTK2fRi8rFSPKDXVUm6g0TFWcF:qy60S5DcPK3vMF

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

diza

C2

77.91.124.145:4125

Attributes
  • auth_value

    bbab0d2f0ae4d4fdd6b17077d93b3e80

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15