General

  • Target

    682ae2452318234094cb4dd5c87a17175c7ef483fb1d03930ce446b107c25347

  • Size

    673KB

  • Sample

    241104-qvg4mazkhy

  • MD5

    e10a45f596ab6d698ef0143725dac5c4

  • SHA1

    137e0899348fd1faf97e058599a470b7e0189db2

  • SHA256

    682ae2452318234094cb4dd5c87a17175c7ef483fb1d03930ce446b107c25347

  • SHA512

    fdf85e09d891cb82c24872db9f759131933b086e69a93f5ef79dbe9501bce8a1e8bb85a1830cf933214933366b0e33b382a5c25e407a28983c4b0ed20d6ea229

  • SSDEEP

    12288:bMruy90399+sJBPc4QX6Rud6SRc0Ij4ObuWtQ3RHiEzpgJW:ByUL+sv0VEdSRYj42ueACEzpx

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      682ae2452318234094cb4dd5c87a17175c7ef483fb1d03930ce446b107c25347

    • Size

      673KB

    • MD5

      e10a45f596ab6d698ef0143725dac5c4

    • SHA1

      137e0899348fd1faf97e058599a470b7e0189db2

    • SHA256

      682ae2452318234094cb4dd5c87a17175c7ef483fb1d03930ce446b107c25347

    • SHA512

      fdf85e09d891cb82c24872db9f759131933b086e69a93f5ef79dbe9501bce8a1e8bb85a1830cf933214933366b0e33b382a5c25e407a28983c4b0ed20d6ea229

    • SSDEEP

      12288:bMruy90399+sJBPc4QX6Rud6SRc0Ij4ObuWtQ3RHiEzpgJW:ByUL+sv0VEdSRYj42ueACEzpx

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks