General

  • Target

    40e4d26298dbab4c1ddfeb70a02df8664e825e699523251a81fea5ea137945ae

  • Size

    1.1MB

  • Sample

    241111-hscr5atrgt

  • MD5

    3b788aa226e60b0ddd82adaff65cf474

  • SHA1

    d3e2db31bab12e57855af3c96ebc8246c70f9cb5

  • SHA256

    40e4d26298dbab4c1ddfeb70a02df8664e825e699523251a81fea5ea137945ae

  • SHA512

    2a9d1b6f86c4ae69f84d8b98ef58aa1d20fe51be3afc62f537d4d62246bab25e7ab8fa97fe3639f5b21879bb7b5a1c8e4a78715915dd0e05c8e391288cf67d64

  • SSDEEP

    24576:6ymLEUS5xPPjbMGgkR049ZWfimoPUtQaSuaxFHZ7U5PQ0:BT1xPPvvn7JctxmDZ7U1Q

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

litor

C2

77.91.124.145:4125

Attributes
  • auth_value

    d39ced97dbbaa8eab490390c2e2a6a10

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks