General

  • Target

    886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963

  • Size

    666KB

  • Sample

    241104-zhxg8awnas

  • MD5

    bae03ff875aae5afafafc847f6df3034

  • SHA1

    650c09250033ae8c29c29cb1bea85a9263df6fbb

  • SHA256

    886bbd7906a1edc0c82c6013215b25cbf2101f1d148d56c766df1e1edb4be963

  • SHA512

    7cc07e8244defe2b93d755ec1b7031fc2dc436b112fed4e0f8ca8bba0cf1239c83527bbdf67b4b9cbaff8d939faa25c30c0fa14cdf436ebaf2e32fcd38afc320

  • SSDEEP

    12288:rMrGy90dDpKMw3Em3RSqVME7pl74gwLWy3S6rUTVN/wofPFSL9Iobu6:1yqDputRpME954rFC6r4xwePQaE3

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15
