General

  • Target

    d6e11fe4f0f58e243a429f8e1ce365f11aa62003d1a1f52c89ee2bfcefa47463

  • Size

    529KB

  • Sample

    241104-qtxgxssrbp

  • MD5

    d03484905e185f33bc8968b5d15954bf

  • SHA1

    3fe5e9a45baa800b7cdd0ecbc88c271962f12fd7

  • SHA256

    d6e11fe4f0f58e243a429f8e1ce365f11aa62003d1a1f52c89ee2bfcefa47463

  • SHA512

    a6509eac250d4b34c6e689dade4aad1fa717fe89a1f9698349fc39c9e3f543b6e9b31f37fb8ba43f83615ab781022eeaa468c38a2f64a7c2d2d0cf5681bd6479

  • SSDEEP

    12288:VMrUy90/Ytvr6OOmlt0UtB7Rcz+K0o8+T8C7iCFnH7XBpCf:9ykUOxGtB2Czopx5s

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      d6e11fe4f0f58e243a429f8e1ce365f11aa62003d1a1f52c89ee2bfcefa47463

    • Size

      529KB

    • MD5

      d03484905e185f33bc8968b5d15954bf

    • SHA1

      3fe5e9a45baa800b7cdd0ecbc88c271962f12fd7

    • SHA256

      d6e11fe4f0f58e243a429f8e1ce365f11aa62003d1a1f52c89ee2bfcefa47463

    • SHA512

      a6509eac250d4b34c6e689dade4aad1fa717fe89a1f9698349fc39c9e3f543b6e9b31f37fb8ba43f83615ab781022eeaa468c38a2f64a7c2d2d0cf5681bd6479

    • SSDEEP

      12288:VMrUy90/Ytvr6OOmlt0UtB7Rcz+K0o8+T8C7iCFnH7XBpCf:9ykUOxGtB2Czopx5s

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks