General

  • Target

    c7a837ea07268c206368d149f5c822e3894598d3ec5ba5825268fe75e8a0a545

  • Size

    660KB

  • Sample

    241110-b3yn1sxanc

  • MD5

    a93b70ec975d5a9cd6a3b0ff61ee5a26

  • SHA1

    683a62d5f0c0a14d85cd8e85b90fbf1117753cbe

  • SHA256

    c7a837ea07268c206368d149f5c822e3894598d3ec5ba5825268fe75e8a0a545

  • SHA512

    2aedcf6da35d89eae39ced624fd5637f242ca8d21af64161d77d57ab8e5586acfe0ccd76fabac55c50b9ef12c955e8d92859dde507cab0f0da8c8b1cda8f7d6a

  • SSDEEP

    12288:cMrGy90Do1JpEEa5d32cC2MO0Jx2ohwTet8y51ovymM1/ITg/h1pDwDNY:Cy8o1ZydmjLwS8y51ovymoUs1pkO

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dozt

C2

77.91.124.145:4125

Attributes
  • auth_value

    857bdfe4fa14711025859d89f18b32cb

Targets

    • Target

      c7a837ea07268c206368d149f5c822e3894598d3ec5ba5825268fe75e8a0a545

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
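
The indicators and behaviours above (the RedLine C2 endpoint, the sample hash, the Defender real-time protection tampering and the Run-key persistence) are the kind of thing a responder turns into a host triage check. The following is an added example, not part of the sandbox report and not RedLine or Healer code: it matches constructed Sysmon-style events (Event ID 1 process create, 3 network connect, 13 registry value set) against the report's IOCs. The registry paths and value names it checks are my assumptions about where Defender real-time settings and per-user Run keys live; the report names the behaviours but not the exact keys.

```python
"""Triage constructed Sysmon-style events against the IOCs in this report.
Added example; not part of the sandbox report. The registry paths and value
names below are assumptions (well-known locations), not values from the report."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Indicators taken directly from the report.
C2_ENDPOINTS = {("77.91.124.145", 4125)}
SAMPLE_SHA256 = {"c7a837ea07268c206368d149f5c822e3894598d3ec5ba5825268fe75e8a0a545"}

# Assumed registry locations behind the behavioural signatures (lower-cased for matching).
DEFENDER_RTP_PATHS = (
    r"hklm\software\microsoft\windows defender\real-time protection",
    r"hklm\software\policies\microsoft\windows defender\real-time protection",
)
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableioavprotection",
    "disablescanonrealtimeenable",
}
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def _split_reg_target(target: str) -> tuple[str, str]:
    """Split 'HIVE\\Key\\Sub\\ValueName' into (key_path, value_name), lower-cased."""
    key, _, value = target.lower().rpartition("\\")
    return key, value


def _dword_is_nonzero(details: str) -> bool:
    # Sysmon renders DWORD data as e.g. "DWORD (0x00000001)"; any non-zero value counts as set.
    m = re.search(r"0x([0-9a-f]+)", details.lower())
    return bool(m) and int(m.group(1), 16) != 0


def check_event(ev: dict) -> list[Finding]:
    """Return the findings a single event triggers (empty list if none)."""
    findings: list[Finding] = []
    eid = ev.get("id")
    if eid == 1:  # process create: compare the image hash against the sample
        if ev.get("sha256", "").lower() in SAMPLE_SHA256:
            findings.append(Finding("known_sample_executed", ev.get("image", "")))
    elif eid == 3:  # network connect: exact ip:port match on the extracted C2
        pair = (ev.get("dst_ip"), ev.get("dst_port"))
        if pair in C2_ENDPOINTS:
            findings.append(Finding("redline_c2_connect", f"{pair[0]}:{pair[1]}"))
    elif eid == 13:  # registry value set
        key, value = _split_reg_target(ev.get("target", ""))
        if (key in DEFENDER_RTP_PATHS and value in DEFENDER_RTP_VALUES
                and _dword_is_nonzero(ev.get("details", ""))):
            findings.append(Finding("defender_rtp_tamper", value))
        if key.endswith(RUN_KEY_SUFFIX):  # any hive: HKCU or HKU\<SID>
            findings.append(Finding("run_key_persistence", ev.get("details", "")))
    return findings


def triage(events) -> dict[str, int]:
    """Count findings per rule across a stream of events."""
    counts: dict[str, int] = {}
    for ev in events:
        for f in check_event(ev):
            counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample events (not from the report); mixes hits with benign noise.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Users\u\AppData\Local\Temp\setup.exe",
     "sha256": "C7A837EA07268C206368D149F5C822E3894598D3EC5BA5825268FE75E8A0A545"},
    {"id": 3, "dst_ip": "77.91.124.145", "dst_port": 4125},
    {"id": 3, "dst_ip": "13.107.4.52", "dst_port": 443},  # unrelated outbound TLS
    {"id": 13, "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "target": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "details": "DWORD (0x00000000)"},  # setting it back to 0 is not a tamper
    {"id": 13, "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\u\AppData\Roaming\updater.exe"},
]

if __name__ == "__main__":
    for rule, n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{rule}: {n}")
```

The C2 match is deliberately an exact ip:port pair because both extracted configs share 77.91.124.145:4125; a port-only or IP-only match would be noisier. The Defender check requires a non-zero DWORD so that a value being restored to 0 by remediation is not counted as tampering.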
