General

  • Target

    388bff2ef43f771aaae203c58b7ba6060954aa8445b056a38c64da7624da1743

  • Size

    956KB

  • Sample

    241109-y1zvmatqbp

  • MD5

    357e2051a5f97d4d1667ef1862d354e8

  • SHA1

    4a2d72562cb740eb4715270714f4c1f521d5396f

  • SHA256

    388bff2ef43f771aaae203c58b7ba6060954aa8445b056a38c64da7624da1743

  • SHA512

    e319b722530588f7f015386d865b06dcb134673dea5e5e3769b90d9b510f46f166d231f7bc29275ee19bafc2ab69a744632fb3a20688e4ae22af93e2c2854a11

  • SSDEEP

    24576:kyWvLciR0EF9NPnkC6Gs3hug221MArfF8ThSh3N:zMcc9NvkCe3hm21FN8s

Malware Config

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes

  • auth_value

    ae85b01f66afe8770afeed560513fc2d

Targets

    • Target

      388bff2ef43f771aaae203c58b7ba6060954aa8445b056a38c64da7624da1743

    • Size

      956KB

    • MD5

      357e2051a5f97d4d1667ef1862d354e8

    • SHA1

      4a2d72562cb740eb4715270714f4c1f521d5396f

    • SHA256

      388bff2ef43f771aaae203c58b7ba6060954aa8445b056a38c64da7624da1743

    • SHA512

      e319b722530588f7f015386d865b06dcb134673dea5e5e3769b90d9b510f46f166d231f7bc29275ee19bafc2ab69a744632fb3a20688e4ae22af93e2c2854a11

    • SSDEEP

      24576:kyWvLciR0EF9NPnkC6Gs3hug221MArfF8ThSh3N:zMcc9NvkCe3hm21FN8s

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks