General

  • Target

    206923902b4ba707dc18b2ead9f83999985c4d80a59dc7fa4778bec9de3403e6

  • Size

    507KB

  • Sample

    241112-y4yfza1aml

  • MD5

    657ac5cd0b45a6cee17b1f02a8e963cb

  • SHA1

    07a2cd8350e11d6322dda4f74c329dbbc9bec167

  • SHA256

    206923902b4ba707dc18b2ead9f83999985c4d80a59dc7fa4778bec9de3403e6

  • SHA512

    3f9a34c03fb3ebdca5845d622869e477c584f50d844c359a4aaa533571ba2a6c555f13588cc1df316b301f7ebf23afe3fb407c42d99e8eec488f66ceb31e47f8

  • SSDEEP

    12288:uMrfy90j/uq/USinu5NzcA7qkJhqhs2FRUD+CHB97zuVDn:hy2/R/GuLcA+kJv2FRCDB97zI

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes

  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks