General

  • Target

    4760fa24d276af467faede111c0994894b82fd3bb7268b081fc707de19231a5d

  • Size

    731KB

  • Sample

    241110-wcwrys1gkp

  • MD5

    959e4e1aeb9edff281c590c39e6312f7

  • SHA1

    6987cfe1b02afe2c52b345e284af58a53d1ddcb6

  • SHA256

    4760fa24d276af467faede111c0994894b82fd3bb7268b081fc707de19231a5d

  • SHA512

    81cb55e900595edddd67116c6ccdad9e66d4f874c50f02209f3a728192d6caba6d44b9243ac961f9f37109cdf4861caef9a473a0c00ec2b5687cf4bb687931a8

  • SSDEEP

    12288:SMrMy90E22/LT7Y6qZgxOR1waN+AtT2bF78f1oYIeFHzttkS:CyL2WYwxOR/NDtTMselelzttN

Malware Config

Extracted

Family

redline

Botnet

dars

C2

83.97.73.127:19045

Attributes
  • auth_value

    7cd208e6b6c927262304d5d4d88647fd
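
The C2 endpoint above is the indicator most worth sweeping for in network telemetry. The Python below is an added example, not part of the sandbox report, that parses the extracted ip:port, validates it, and matches it against a few constructed Zeek conn.log-style lines (the column order is assumed: ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto). An IP-only hit is reported at lower confidence instead of being dropped, because the same host may serve a different port for another build of the stealer.

```python
"""IOC sweep for the extracted RedLine config against Zeek-style conn.log lines.
Added example; the log excerpt is constructed and the column layout is assumed."""
from __future__ import annotations
import ipaddress

# Copied from the "Malware Config" section of the report.
REDLINE_C2 = "83.97.73.127:19045"

# Constructed conn.log excerpt (tab-separated; Zeek column order assumed).
SAMPLE_CONN_LOG = "\n".join([
    "1731234000.101\t10.0.0.15\t49812\t83.97.73.127\t19045\ttcp",   # exact C2 hit
    "1731234001.220\t10.0.0.15\t49813\t142.250.74.46\t443\ttcp",    # unrelated
    "1731234005.004\t10.0.0.22\t51000\t83.97.73.127\t8080\ttcp",    # same host, other port
    "1731234009.777\t10.0.0.31\t53002\t8.8.8.8\t53\tudp",           # unrelated
])


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port' and validate both halves before using them as an IOC."""
    host, _, port = c2.rpartition(":")
    ip = ipaddress.ip_address(host)          # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port in C2 string: {c2}")
    return str(ip), port_num


def sweep_conn_log(log_text: str, c2: str) -> list[dict]:
    """Return one finding per connection that touches the C2 host.

    Exact ip:port matches are high confidence; a connection to the C2 host on a
    different port is still reported, at medium confidence, for an analyst to review.
    """
    c2_ip, c2_port = parse_c2(c2)
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):       # skip Zeek header/comment lines
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")[:6]
        if resp_h != c2_ip:
            continue
        exact = int(resp_p) == c2_port
        findings.append({
            "ts": ts,
            "src": orig_h,
            "dst": f"{resp_h}:{resp_p}/{proto}",
            "confidence": "high" if exact else "medium",
            "reason": "exact C2 ip:port match" if exact else "C2 host on a different port",
        })
    return findings


if __name__ == "__main__":
    for finding in sweep_conn_log(SAMPLE_CONN_LOG, REDLINE_C2):
        print(finding)
```

Run the file directly to see the two findings; in practice, feed real conn.log (or proxy/NetFlow) export into sweep_conn_log and block or investigate the sources it returns.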

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper: a loader stage that turns off Windows Defender real-time protection before executing the payload it drops.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first observed in early 2020. It harvests browser credentials, cookies and autofill data, cryptocurrency wallets and system information, and reports to the configured C2.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext (the thread-context rewrite typical of process hollowing, where a suspended process has its entry point redirected to injected code)
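
Two of the behaviours above, the Defender real-time protection tampering and the Run-key persistence, leave registry writes that Sysmon records as Event ID 13 (RegistryEvent, value set). The Python below is an added example, not part of the sandbox report, that classifies such events. The events are constructed here; the Defender value names are the standard Real-Time Protection policy values droppers of this kind set, assumed rather than taken from this sample; and the "user-writable path" heuristic for Run entries is likewise an assumption. The SetThreadContext signature is not visible in registry telemetry and needs API-level or EDR tracing instead.

```python
"""Classify Sysmon Event ID 13 records for Defender RTP tampering and Run-key persistence.
Added example with constructed events; Defender value names and path heuristic are assumed."""
import re
from typing import Optional

# Policy key under which Real-Time Protection can be switched off via registry.
DEFENDER_RTP_KEY = re.compile(
    r"^HK(LM|EY_LOCAL_MACHINE)\\SOFTWARE\\(WOW6432Node\\)?Policies\\Microsoft\\"
    r"Windows Defender\\Real-Time Protection\\",
    re.IGNORECASE,
)
# Assumed: the usual Real-Time Protection policy values; DWORD 1 means "disabled".
DEFENDER_DISABLE_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableIOAVProtection", "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Assumed heuristic: Run entries launching from user-writable locations are more suspicious.
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)

# Constructed Sysmon Event 13 records (TargetObject/Details use Sysmon's formatting).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\healer.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Roaming\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1000-1000-1000-1001\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": r"C:\Users\victim\AppData\Roaming\stage2.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",      # Defender's own key, not the policy key
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\LastAccess",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\installer.exe",  # re-enabling (value 0): benign
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]


def _dword(details: str) -> Optional[int]:
    """Extract the integer from Sysmon's 'DWORD (0x...)' Details formatting."""
    m = re.fullmatch(r"DWORD \((0x[0-9a-fA-F]+)\)", details)
    return int(m.group(1), 16) if m else None


def classify(event: dict) -> Optional[dict]:
    """Return an alert dict for a matching registry write, else None."""
    if event.get("EventID") != 13:
        return None
    target = event["TargetObject"]
    key, _, value_name = target.rpartition("\\")
    if (DEFENDER_RTP_KEY.match(key + "\\")
            and value_name in DEFENDER_DISABLE_VALUES
            and _dword(event["Details"]) == 1):
        return {"rule": "defender_rtp_disabled", "image": event["Image"], "value": value_name}
    if RUN_KEY.search(target):
        suspicious = bool(USER_WRITABLE.search(event["Details"]))
        return {"rule": "run_key_persistence", "image": event["Image"], "value": value_name,
                "severity": "high" if suspicious else "low"}
    return None


def triage(events: list) -> list:
    """Classify a batch of events, keeping only the hits."""
    return [hit for hit in map(classify, events) if hit]


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

The policy-key check matters: Defender also writes under HKLM\SOFTWARE\Microsoft\Windows Defender itself during normal operation, so matching on "Real-Time Protection" alone would be noisy, and a write that sets the value back to 0 is a repair, not an attack.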

MITRE ATT&CK Enterprise v15