General

  • Target: 0b333921f871b3b9150e131bfea6d85f45c122ac74bd57311ff6eb4850849178
  • Size: 650KB
  • Sample: 241110-avmq4swarc
  • MD5: d30beba7a6036791e2f7ecd9fff402f2
  • SHA1: d3a4b8f2a726b98b739ed5234b3837bf78988d68
  • SHA256: 0b333921f871b3b9150e131bfea6d85f45c122ac74bd57311ff6eb4850849178
  • SHA512: eb5cc164cbdb83f2abfb74c765e7a7bff702e5ae1042e7b84b96ccc4a551f6dc8958abe6a5488f1325553bcdbc780810be39d0016ba6659b25d52a11ec6fb26e
  • SSDEEP: 12288:YMroy90ZWPNkEVq0eu9n4pp/83+0k7Rd7dAmEZtlav8QBt73SsIu:wyE4uv/83+0kPOmg2U4tDSsx

Malware Config

Extracted

  • Family: redline
  • Botnet: norm
  • C2: 77.91.124.145:4125
  • Attributes
    • auth_value: 1514e6c0ec3d10a36f68f61b206f5759

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 77.91.124.145:4125
  • Attributes
    • auth_value: bbab0d2f0ae4d4fdd6b17077d93b3e80

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks