General

  • Target

    aad8579cc21d84df42f797284a53b5e496cafec9968c2e85a5114eeafa1a3975

  • Size

    957KB

  • Sample

    241110-ea1jpayfnm

  • MD5

    87231155504691baf4b1f5b47836a373

  • SHA1

    cb05c2603930a1617797538bde7c9b54c34f875c

  • SHA256

    aad8579cc21d84df42f797284a53b5e496cafec9968c2e85a5114eeafa1a3975

  • SHA512

    7b3ca2244dab3a178ed14acd5b2267ba0ada0d6667ca1d3a4ac631669245b5f97ef51a70a0ad3bc95c29ecd868dd953dca49c87b02c80a696b08e92e70bbd5ec

  • SSDEEP

    24576:tyrFat79nkZ1k36LVcgYljV6t9ba170vl3L7M0uy:IrFC9kk3yYlca1qZLA

Malware Config

Extracted

Family

redline

Botnet

dark

C2

185.161.248.73:4164

Attributes

  • auth_value

    ae85b01f66afe8770afeed560513fc2d

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks