General

  • Target: 484e71bec3033251744475054e28d6cd1f63b38247bfeaba31d6c3699980c093
  • Size: 731KB
  • Sample: 241110-d6rqzs1rhr
  • MD5: c1318c53789ee47959e898d6247c7b1b
  • SHA1: 8b7bce5a719b8db8feabeffacd1e3986ad0ab2a2
  • SHA256: 484e71bec3033251744475054e28d6cd1f63b38247bfeaba31d6c3699980c093
  • SHA512: f4a31f82b758926396916e7634ed610da6349024bb82ae389a4b3b81a78f8f826b161db30ebabd3868b6e0e01099375424cd5699fe8e59cc3e822a451e8a1e74
  • SSDEEP: 12288:GMroy901eji3r0ZUaaTzX5F0A+X9/1nj8eQth+U06cnx:yys170ZHY0A+tZtQthV06cx

Malware Config

Extracted

  • Family: redline
  • Botnet: dars
  • C2: 83.97.73.127:19045
  • Attributes
    • auth_value: 7cd208e6b6c927262304d5d4d88647fd

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks