General

  • Target

    60c343482f2c3e20fd4a771bcd3970d4ca3d31d2461a17046954a0d0cbf441c1

  • Size

    752KB

  • Sample

    241110-l525bsxqap

  • MD5

    2dde023a89d3096f091776633e1c9885

  • SHA1

    ead0cc6a9791113c252d552de6bb2400d5fed326

  • SHA256

    60c343482f2c3e20fd4a771bcd3970d4ca3d31d2461a17046954a0d0cbf441c1

  • SHA512

    b131f99c93b5fe7344027f6ac2c3171764706075867226bcd90a537a91904746b0212218b6edc4f8ab63a5804f72500ab53062a8e4ef2d3a8794fcfea0b8d860

  • SSDEEP

    12288:TMrXy90AIwz2wBm4NzYJgpZxJrugwEolhI+t1HJju3A446p5hvJWQ7HR9IQyKnBM:8yNB2wFYJcPZwE9+tZJjBk5hv133Ut

Malware Config

Extracted

Family

redline

Botnet

mars

C2

83.97.73.127:19045

Attributes
  • auth_value

    91bd3682cfb50cdc64b6009eb977b766

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks