General

  • Target

    468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e

  • Size

    1.1MB

  • Sample

    241110-b7agzswlfy

  • MD5

    cb9940bf4bb63172289a65b954a5b487

  • SHA1

    43cc0fa3a63ec8adf0d9662185729ee7e5a0cadb

  • SHA256

    468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e

  • SHA512

    554bc60218001c7f9e51e88ca0ea658ad328ceede4cdb4f5869decdf38ceb551b25362cc118d71b2bb300cbd609bead922cc7dc2cb37dda608bccc9069453104

  • SSDEEP

    24576:tyh3mA4B8wcTO9PfU31KzHRfNf+YouCUtvB+Z0:Ih3m1cO9nU3AHb2tUpg

Malware Config

Extracted

Family

redline

Botnet

lada

C2

185.161.248.90:4125

Attributes
  • auth_value

    0b3678897547fedafe314eda5a2015ba

Extracted

Family

redline

Botnet

diza

C2

185.161.248.90:4125

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target

      468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e

    • Size

      1.1MB

    • MD5

      cb9940bf4bb63172289a65b954a5b487

    • SHA1

      43cc0fa3a63ec8adf0d9662185729ee7e5a0cadb

    • SHA256

      468427dd7bd78910e0b511e07a58c9e53897560ebd553ff3bb8330e9a6cfc95e

    • SHA512

      554bc60218001c7f9e51e88ca0ea658ad328ceede4cdb4f5869decdf38ceb551b25362cc118d71b2bb300cbd609bead922cc7dc2cb37dda608bccc9069453104

    • SSDEEP

      24576:tyh3mA4B8wcTO9PfU31KzHRfNf+YouCUtvB+Z0:Ih3m1cO9nU3AHb2tUpg

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks