General

  • Target: 5d410bebaae63271e1a2559ac3332b8be6fcfd05b684da22e223696025acd1c1.exe
  • Size: 863KB
  • Sample: 241119-chhmqszcqm
  • MD5: 7ed33175b00a254cb387ef5f6735504c
  • SHA1: 0e2ba58bd76c25d36da416898e101c470fc32fe9
  • SHA256: 5d410bebaae63271e1a2559ac3332b8be6fcfd05b684da22e223696025acd1c1
  • SHA512: bff741b1c7fe3ba614a3655205ecc1dbb8ff24db110f2db3706652fbe084d8b4464e5fe84f2a95b878aa4d379b0b1a6d59aa323b0e80019388fe7e9f4923f41f
  • SSDEEP: 12288:wMrYy90QUtcCVhcyaXJ/rMXEuNoe2eCEzq5+5XEbn6bZ+/Y9G0TZPl3da40:4yUlcZZTMXRNoeNHqoVEb6k/yl5pdv0

Malware Config

Extracted

  • Family: redline
  • Botnet: lada
  • C2: 185.161.248.90:4125
  • Attributes
    • auth_value: 0b3678897547fedafe314eda5a2015ba

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 185.161.248.90:4125
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target: 5d410bebaae63271e1a2559ac3332b8be6fcfd05b684da22e223696025acd1c1.exe

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15