General

  • Target

    f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165

  • Size

    549KB

  • Sample

    241104-qpqtkszkbw

  • MD5

    07e33e9238f6c0d667f45cb210bbe2d5

  • SHA1

    0db0287f66e08d509c74c1ab51fb56bddbdad14d

  • SHA256

    f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165

  • SHA512

    9ac2370a07710e9af3b0fa9ac52fd6ec9eb4648573cf6f06840f679b1f965a557e4894ff557c3d1a2413a59affc0785720da260414583215c3ca02ff415954f4

  • SSDEEP

    12288:VMrYy90isPEwhts5jnLggW+RdIvYQmKSVXcxWk:FykthOpnLggW+IQi9

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165

    • Size

      549KB

    • MD5

      07e33e9238f6c0d667f45cb210bbe2d5

    • SHA1

      0db0287f66e08d509c74c1ab51fb56bddbdad14d

    • SHA256

      f433958487158ef6a3f9271c3474c265781c6e5b410ad5446fc02844a9bb5165

    • SHA512

      9ac2370a07710e9af3b0fa9ac52fd6ec9eb4648573cf6f06840f679b1f965a557e4894ff557c3d1a2413a59affc0785720da260414583215c3ca02ff415954f4

    • SSDEEP

      12288:VMrYy90isPEwhts5jnLggW+RdIvYQmKSVXcxWk:FykthOpnLggW+IQi9

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks