General

  • Target

    73bd682b43cdd552a51c741bd620bc0bf62542149de4f8243dcd29ab2cb10d0a.exe

  • Size

    790KB

  • Sample

    241113-yqpa5s1qgm

  • MD5

    a170040b00ccf84b37a43a86222acd28

  • SHA1

    722a7329052f7c4d1be13ea7a8ac4d336408017b

  • SHA256

    73bd682b43cdd552a51c741bd620bc0bf62542149de4f8243dcd29ab2cb10d0a

  • SHA512

    260b67ad2dcfd94eb58a92a24f17f51fc75795e71e42143df9e01f351a75f316c8b206c814e2f584308c356e99b733f8b70b24adf56f726e24d652e1f06f65a5

  • SSDEEP

    12288:wMr8y905HHLOcIwaD6QEX1sLuxaMxrcgTFAfEieWUVPsBAIDA/i:cyKOcxabyiolx71POAIDA/i

Malware Config

Extracted

Family

redline

Botnet

norm

C2

77.91.124.145:4125

Attributes
  • auth_value

    1514e6c0ec3d10a36f68f61b206f5759

Extracted

Family

redline

Botnet

diza

C2

77.91.124.145:4125

Attributes
  • auth_value

    bbab0d2f0ae4d4fdd6b17077d93b3e80

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks