General

  • Target

    db08ceb7774d4313593607d0940166a34b23f820b0c3ae6f0bf3fdf1efc9c1fb

  • Size

    814KB

  • Sample

    241110-bt9pxswfmm

  • MD5

    79757af02d2983836ac7701cfd872e6c

  • SHA1

    483c12e81cd65d013144a6fd3e6432b92e6dc656

  • SHA256

    db08ceb7774d4313593607d0940166a34b23f820b0c3ae6f0bf3fdf1efc9c1fb

  • SHA512

    4bfb486744e279f931967a2e3c84f3a2f2a431537d8a1fd8bc25ca036d2b29e4dd5623d95e2f2bba9d50c3e104e0b1ba5deafca6a42b83f6981e0ec649031353

  • SSDEEP

    24576:zy1mvHd919R7YZbXVWVTbMyDkoUoM41Xeee:GIv99voqT1Ke

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

diza

C2

77.91.124.145:4125

Attributes
  • auth_value

    bbab0d2f0ae4d4fdd6b17077d93b3e80
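Both extracted configs point the "norm" and "diza" botnets at the same C2 socket, which makes that ip:port the most actionable indicator on this page. The following Python script is an added example, not part of the sandbox report: it carries the C2 and auth_values from the configs above, scans firewall log lines for connections to that infrastructure, lists the internal hosts that touched it, and emits a Suricata-style rule for the exact socket. The log format, the log lines and the rule sid are constructed for illustration.

```python
"""Hunt for the RedLine C2 from this report in firewall logs.

Added example (not part of the sandbox report). The C2 address, botnet
names and auth_values come from the extracted configs above; the log
format and log lines are constructed for illustration.
"""
import re
from dataclasses import dataclass

# From the two extracted RedLine configs: both botnets share one C2.
REDLINE_C2 = {("77.91.124.145", 4125)}
REDLINE_BOTNETS = {
    "norm": "1514e6c0ec3d10a36f68f61b206f5759",
    "diza": "bbab0d2f0ae4d4fdd6b17077d93b3e80",
}

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOGS = """\
2024-11-10T02:14:05Z fw allow src=10.0.3.17:51234 dst=77.91.124.145:4125 proto=tcp
2024-11-10T02:14:06Z fw allow src=10.0.3.17:51235 dst=142.250.74.78:443 proto=tcp
2024-11-10T02:15:40Z fw allow src=10.0.3.22:50112 dst=77.91.124.145:443 proto=tcp
2024-11-10T02:16:02Z fw deny src=10.0.4.9:49877 dst=77.91.124.145:4125 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) fw (?P<action>allow|deny) "
    r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Hit:
    timestamp: str
    src_ip: str
    dst_ip: str
    dst_port: int
    action: str
    confidence: str  # "high" = exact ip:port from config, "medium" = same host, other port


def classify(dst_ip: str, dst_port: int):
    """Return a confidence label if the destination matches RedLine infrastructure."""
    if (dst_ip, dst_port) in REDLINE_C2:
        return "high"
    if any(dst_ip == c2_ip for c2_ip, _ in REDLINE_C2):
        # Same host on another port: panels get rehosted, so this is worth a look.
        return "medium"
    return None


def hunt(log_text: str):
    """Scan log text and return Hit records for traffic towards the C2.
    Denied connections are kept: a blocked beacon still means an infected host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        port = int(m["dport"])
        confidence = classify(m["dst"], port)
        if confidence:
            hits.append(Hit(m["ts"], m["src"], m["dst"], port, m["action"], confidence))
    return hits


def infected_hosts(hits):
    """Distinct internal sources that touched the C2, sorted for reporting."""
    return sorted({h.src_ip for h in hits})


def suricata_rule(sid: int = 9000001):
    """Emit a Suricata/Snort-style rule for the exact C2 socket (sid is a placeholder)."""
    ip, port = next(iter(REDLINE_C2))
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine Stealer C2 (botnets norm/diza)"; sid:{sid}; rev:1;)')


if __name__ == "__main__":
    results = hunt(SAMPLE_LOGS)
    for hit in results:
        print(hit)
    print("hosts to isolate:", infected_hosts(results))
    print(suricata_rule())
```

The auth_values are kept in the script because they identify the operator's build rather than the infrastructure: they stay stable across C2 changes and are what you would pivot on when a new sample with a different C2 turns up.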

Targets

    • Target

      db08ceb7774d4313593607d0940166a34b23f820b0c3ae6f0bf3fdf1efc9c1fb

    • Size

      814KB

    • MD5

      79757af02d2983836ac7701cfd872e6c

    • SHA1

      483c12e81cd65d013144a6fd3e6432b92e6dc656

    • SHA256

      db08ceb7774d4313593607d0940166a34b23f820b0c3ae6f0bf3fdf1efc9c1fb

    • SHA512

      4bfb486744e279f931967a2e3c84f3a2f2a431537d8a1fd8bc25ca036d2b29e4dd5623d95e2f2bba9d50c3e104e0b1ba5deafca6a42b83f6981e0ec649031353

    • SSDEEP

      24576:zy1mvHd919R7YZbXVWVTbMyDkoUoM41Xeee:GIv99voqT1Ke

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
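Two of the signatures above leave durable traces in the registry: the Healer component turns off Defender real-time protection, and the sample persists through a Run key. The following Python script is an added example, not part of the sandbox report: it parses a `reg export`-style dump and flags the Defender real-time protection values set to 1 and any Run/RunOnce entry that launches something from a user-writable location. The registry export is constructed; the Defender value names are the documented policy values, and the user-writable path heuristic is an assumption of the example rather than something the report states.

```python
"""Audit a registry export for the host-side changes this report lists:
Defender real-time protection disabled and a Run-key persistence entry.

Added example (not part of the sandbox report). The registry export
below is constructed; the value names under Real-Time Protection are
the documented Defender policy values, the path heuristic is ours.
"""
import re

# Constructed `reg export`-style text standing in for a collected host triage artifact.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001
"DisableBehaviorMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WinUpdate"="C:\\Users\\victim\\AppData\\Roaming\\svc\\update.exe"
'''

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

DEFENDER_RTP_KEYS = {
    r"hkey_local_machine\software\policies\microsoft\windows defender\real-time protection",
    r"hkey_local_machine\software\microsoft\windows defender\real-time protection",
}
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableOnAccessProtection", "DisableScanOnRealtimeEnable",
}
RUN_KEY_RE = re.compile(
    r"^hkey_(local_machine|current_user)\\software\\microsoft\\windows\\currentversion\\run(once)?$"
)
# Persistence pointing into user-writable locations is the classic stealer pattern (heuristic).
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|programdata|users\\public)\\", re.IGNORECASE)


def decode_data(data: str):
    """Decode the two .reg data encodings used here: dword:<hex> and quoted strings."""
    if data.startswith("dword:"):
        return int(data[len("dword:"):], 16)
    if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return data  # hex(...) and expand-string forms are left raw


def parse_reg(text: str):
    """Return {key_path: {value_name: decoded_data}} from .reg text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if (m := SECTION_RE.match(line)):
            current = m["key"]
            keys.setdefault(current, {})
        elif current and (m := VALUE_RE.match(line)):
            keys[current][m["name"]] = decode_data(m["data"])
    return keys


def audit(keys):
    """Return (category, key, value_name, data) findings matching the report's signatures."""
    findings = []
    for key, values in keys.items():
        lk = key.lower()
        if lk in DEFENDER_RTP_KEYS:
            for name, data in values.items():
                if name in DEFENDER_DISABLE_VALUES and data == 1:
                    findings.append(("defender_rtp_disabled", key, name, data))
        elif RUN_KEY_RE.match(lk):
            for name, cmd in values.items():
                if isinstance(cmd, str) and USER_WRITABLE_RE.search(cmd):
                    findings.append(("run_key_user_writable", key, name, cmd))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG)):
        print(*finding, sep=" | ")
```

The Run-key heuristic will also flag legitimate per-user installs (anything that updates itself from AppData), so treat its output as a triage queue to check against an allowlist rather than as a verdict; the Defender findings, by contrast, are a policy change that an ordinary user never makes by hand.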

MITRE ATT&CK Enterprise v15

Tasks