General

  • Target

    7748842dbf5f9735f02470cb5cb1e50b9d35fd5bee75f12698bf7a5cbab0b187

  • Size

    699KB

  • Sample

    241104-12vy6sybqf

  • MD5

    a300d8a746b689d48b65497884c93cae

  • SHA1

    c9058b83eec8f0681a1fa36f568921e37d43e555

  • SHA256

    7748842dbf5f9735f02470cb5cb1e50b9d35fd5bee75f12698bf7a5cbab0b187

  • SHA512

    7bc04c96345b927c6d5ddd68d59a23656d3022ff2a82643e327b3e49d7590994726e87f112e1b66d46b61c8943b7ce1950c84ebe0e163308c82b21567c29252d

  • SSDEEP

    12288:rMrPy90lChjOLqLb1lSJN/PKk/H4AeWNmet8Y53sO8zo/Xy2lVNGXKxx:UyPhe4bSJNK04qUfOOoPy2hRxx

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      7748842dbf5f9735f02470cb5cb1e50b9d35fd5bee75f12698bf7a5cbab0b187

    • Size

      699KB

    • MD5

      a300d8a746b689d48b65497884c93cae

    • SHA1

      c9058b83eec8f0681a1fa36f568921e37d43e555

    • SHA256

      7748842dbf5f9735f02470cb5cb1e50b9d35fd5bee75f12698bf7a5cbab0b187

    • SHA512

      7bc04c96345b927c6d5ddd68d59a23656d3022ff2a82643e327b3e49d7590994726e87f112e1b66d46b61c8943b7ce1950c84ebe0e163308c82b21567c29252d

    • SSDEEP

      12288:rMrPy90lChjOLqLb1lSJN/PKk/H4AeWNmet8Y53sO8zo/Xy2lVNGXKxx:UyPhe4bSJNK04qUfOOoPy2hRxx

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks