General

  • Target

    97e534614e0770fa2c6082cc9c32ee45af6952da0dc7f6ff6e76381b6adddb20

  • Size

    661KB

  • Sample

    241110-a5wrrswblr

  • MD5

    ff6f477ed88269974cdce01586c282ab

  • SHA1

    39538b16c59f29e55713ac0162299617bd5654e5

  • SHA256

    97e534614e0770fa2c6082cc9c32ee45af6952da0dc7f6ff6e76381b6adddb20

  • SHA512

    e074a0a8af98dab1d56c3463e92e28f643900371adca4e0f6f890f5c2cce4bfbb74f481032d731b643c10ea23f6cbdc6c24c38a215a98cac8fb5b32cfad477f6

  • SSDEEP

    12288:UMruy90V1TBoK8iMLp2/G1Sh3X7rS0vCL:aygBrXu28+bZaL

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application