General

  • Target

    f30d5d1575073941a796c5f6c5f7edbcd1ff83940da47fc66755531595162a9e

  • Size

    731KB

  • Sample

    241109-psh3gavbjk

  • MD5

    a65ce569102273b446f305dd485535da

  • SHA1

    c4bc30982dd1782aa1419ec94c1926da452f6908

  • SHA256

    f30d5d1575073941a796c5f6c5f7edbcd1ff83940da47fc66755531595162a9e

  • SHA512

    be4f4f6c63d958cb6f97eb4b2a399a7da5ad64bd19b33c3b8368eda2842caa3d6c419b2d5018477618bfcb85f1d0310c67db5e47b3accc155677d0e516ff85e8

  • SSDEEP

    12288:nMrHy90tQqYg7izU+W6kXv/p2DDQt18rSYts/wnC8gdmX8PRrr66+2gp:Aye/uz3W6kXv/uDQtsqwnBkf6xR

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes

  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks