General

  • Target: 920ba4b1f62099be0f21d4cdce93ed146a9d188008c697327662f1c6ff2e00f5
  • Size: 925KB
  • Sample: 241111-hsjknsverp
  • MD5: 4ad340e283591e58d713fb1d4f9f2065
  • SHA1: 3cd6a444cb6874f11c6fb3b08c1f085a14ad92f7
  • SHA256: 920ba4b1f62099be0f21d4cdce93ed146a9d188008c697327662f1c6ff2e00f5
  • SHA512: 4d81bd5960c300919736d5656d958be048acf711787d72354b98ca6095496330f7ef1487677b36176270cb91a20e6cb494fafd3c65424656f331a3e7c7fa375a
  • SSDEEP: 24576:fyMXwJjPctCAfZ3T87sa38PAHm8DWLgu/AuvRDuntzR71v:qpRP+f1T8wa3IAHm8KgovvQn771

Malware Config

Extracted

  • Family: redline
  • Botnet: norm
  • C2: 77.91.124.145:4125
  • Attributes
    • auth_value: 1514e6c0ec3d10a36f68f61b206f5759

Extracted

  • Family: redline
  • Botnet: dezik
  • C2: 77.91.124.145:4125
  • Attributes
    • auth_value: afab3a79f84bd5003ef2824211bcf14e

Targets


    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks