General

  • Target

    29466a11ef11e5ed11dab5917a13b27c267632a0513f10f066ee3e1a1f1db22c

  • Size

    674KB

  • Sample

    241104-zjrncszkbn

  • MD5

    9874ed0a9d674e7c78d8490255629e84

  • SHA1

    409d812ca279e3dd105fe46edef21487e949f9ca

  • SHA256

    29466a11ef11e5ed11dab5917a13b27c267632a0513f10f066ee3e1a1f1db22c

  • SHA512

    d879b7a27cec597f938f2fb52497f84e492c46906d1632e13947a5c25a0d2924c2f3b1c5f7fc9909f212d7c7dca5b0c82390ac24652d5e50343116cebfac0366

  • SSDEEP

    12288:MMrey90Jt9djCH6ijRfg8Hcs9T7CJ6xZMyb1GW/xWztz00672:Cy0d+H7jR/H/lGyxp/Utzj672

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      29466a11ef11e5ed11dab5917a13b27c267632a0513f10f066ee3e1a1f1db22c

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks