General

  • Target

    d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4

  • Size

    657KB

  • Sample

    241030-1jcd4szqhv

  • MD5

    53aeb57a80297336b726fe0a5233b348

  • SHA1

    de49f7dc5bbd8ff6d2c2413638b161ad3da09cf8

  • SHA256

    d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4

  • SHA512

    6a9327672e6daf3284d27fa36780fec6b083012167ce510305c30b87147c30e7e41950b144dcf8b203e627cfe9a393d1e194ba752a32627970d6536b60e95463

  • SSDEEP

    12288:dMrby90F8GP+laF7Azs/iIp9+16lcbsnGDH0RvkpUZo:eyi8GPCaF7Azu3PcbKeHgcpUm

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4

    • Size

      657KB

    • MD5

      53aeb57a80297336b726fe0a5233b348

    • SHA1

      de49f7dc5bbd8ff6d2c2413638b161ad3da09cf8

    • SHA256

      d74a505641a425d7e19eb3ed4e2c51051c205b9cb5cd3896fcc7c2937416eec4

    • SHA512

      6a9327672e6daf3284d27fa36780fec6b083012167ce510305c30b87147c30e7e41950b144dcf8b203e627cfe9a393d1e194ba752a32627970d6536b60e95463

    • SSDEEP

      12288:dMrby90F8GP+laF7Azs/iIp9+16lcbsnGDH0RvkpUZo:eyi8GPCaF7Azu3PcbKeHgcpUm

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks