General

  • Target

    6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4

  • Size

    730KB

  • Sample

    241110-tclwmszgke

  • MD5

    1f1c6b538393215b3d777c1d6446ae3a

  • SHA1

    531cbc05927b83781c954520bc510bdb81f688a0

  • SHA256

    6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4

  • SHA512

    3edeafb2db8c7e4b7e4a44504d1339b12a204c83d9d306fc858ef77bbb8461322a953f34bc96026f55a7a786e2a9db283b933a79707f247bc8c7c0a5f7b373a8

  • SSDEEP

    12288:rMray90FS5SFLMa9gJvvV1P3bNdxtv0CmU+l2+Re8j4d+T3PQZkhi:lyKS8FLMNP3bZtlCReuukhi

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes
  • auth_value

    7cd208e6b6c927262304d5d4d88647fd

Targets

    • Target

      6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4

    • Size

      730KB

    • MD5

      1f1c6b538393215b3d777c1d6446ae3a

    • SHA1

      531cbc05927b83781c954520bc510bdb81f688a0

    • SHA256

      6f71ec82ecc4821aa95c65b0e3217b30be53978a6d004d9f876ba353733404b4

    • SHA512

      3edeafb2db8c7e4b7e4a44504d1339b12a204c83d9d306fc858ef77bbb8461322a953f34bc96026f55a7a786e2a9db283b933a79707f247bc8c7c0a5f7b373a8

    • SSDEEP

      12288:rMray90FS5SFLMa9gJvvV1P3bNdxtv0CmU+l2+Re8j4d+T3PQZkhi:lyKS8FLMNP3bZtlCReuukhi

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks