General

  • Target

    73d2402772631f22bbf4e752b9f9be66d9071c4ceb8a57e135404ee81d007743

  • Size

    1.0MB

  • Sample

    241110-eh7yqsslcn

  • MD5

    bc6443621abf90d02c61670e330dea71

  • SHA1

    e6b5892a335e50340313c601ca9566f18c6bf254

  • SHA256

    73d2402772631f22bbf4e752b9f9be66d9071c4ceb8a57e135404ee81d007743

  • SHA512

    ecb63c34ae21f642ab88e87cc6e7908ad6781f4dfc3dcf209fc371832839d4ff2e5a62cf8bb06e9e9604dbbd11ec222f8b6bed0c0578c7c21f34f1c44f5a53e8

  • SSDEEP

    24576:uynTSRx4hhWhM047yLQ6pxlbmea+6ZFwVRFpEOiWSv5BC+nOHGo9KK:9nTG4rS47yLhpfbApKpEOiWSHC+nO

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

dizon

C2

77.91.124.145:4125

Attributes

  • auth_value

    047038ed6238aaee09c368831591e935

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
