General

  • Target

    161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8

  • Size

    1.2MB

  • Sample

    241110-bv61esyrgn

  • MD5

    65f47713a73156d69e3a5f3c6fdeab55

  • SHA1

    ddddadb3ac1b1d49d9bd42ef3bc782536d5acd81

  • SHA256

    161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8

  • SHA512

    aa36ee2f52f8e17e938b9db662b05eb155f4ad405c30eedb9e1f83c87c9540ce8db06bdca08071628bb48fb23ce493df8c133d26819a0f58f5e94df80a040caa

  • SSDEEP

    24576:XybGVqieoRM9QatlZEefRs+8Ssc3z2Sl33eP50CnKR1oa:ibGkieoOdjXf+PZc3z2y3jV

Malware Config

Extracted

Family

redline

Botnet

masta

C2

185.161.248.75:4132

Attributes

  • auth_value

    57f23b6b74d0f680c5a0c8ac9f52bd75

Targets

    • Target

      161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8

    • Size

      1.2MB

    • MD5

      65f47713a73156d69e3a5f3c6fdeab55

    • SHA1

      ddddadb3ac1b1d49d9bd42ef3bc782536d5acd81

    • SHA256

      161d8cd3f6f30ed7eeb5db8ca2b4d3d5b0e19f721175e3dbf5c04ee1155626f8

    • SHA512

      aa36ee2f52f8e17e938b9db662b05eb155f4ad405c30eedb9e1f83c87c9540ce8db06bdca08071628bb48fb23ce493df8c133d26819a0f58f5e94df80a040caa

    • SSDEEP

      24576:XybGVqieoRM9QatlZEefRs+8Ssc3z2Sl33eP50CnKR1oa:ibGkieoOdjXf+PZc3z2y3jV

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks