General

  • Target

    b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082

  • Size

    658KB

  • Sample

    241104-qp589s1bkn

  • MD5

    ac93827aec4c95204707afb08f6f4329

  • SHA1

    45799ca5a063f5530793016df973777300c8c6d5

  • SHA256

    b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082

  • SHA512

    242ad798ad40a171ebb0eb540e50721b76dffcd39f22c8ce62b9106c6a37c0f64765d6459e87905d2580e4711dc3082e08a5bb8a253cf43710d956380578fb68

  • SSDEEP

    12288:0Mrhy90TCfs7UBqGkMEZzFM06bhuN0FF+LArBzl:VyQ8qGgpMFb8qFhrr

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082

    • Size

      658KB

    • MD5

      ac93827aec4c95204707afb08f6f4329

    • SHA1

      45799ca5a063f5530793016df973777300c8c6d5

    • SHA256

      b9b5a6ff31e4f9c42391a16423c592a1141cb0a7cec80080ddeaf252dd487082

    • SHA512

      242ad798ad40a171ebb0eb540e50721b76dffcd39f22c8ce62b9106c6a37c0f64765d6459e87905d2580e4711dc3082e08a5bb8a253cf43710d956380578fb68

    • SSDEEP

      12288:0Mrhy90TCfs7UBqGkMEZzFM06bhuN0FF+LArBzl:VyQ8qGgpMFb8qFhrr

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks