General

  • Target

    d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a

  • Size

    678KB

  • Sample

    241104-zjxjlswnbs

  • MD5

    1196d2a76349efaaa15bfff71ff2645d

  • SHA1

    fa891fff8086e0202d94cfb9e6c632f08d4d0b40

  • SHA256

    d69cd86f0eeb35c4b3f49a47550a254193711091b1bb036853eea99babfc1b6a

  • SHA512

    7b0afd0f5623475781a562c267c422252d3dfd1c41b120961737650fbcaf83a601764af4e9040985c6c5b305848ca16448f40f8c7d0586107ffc0ddcee780390

  • SSDEEP

    12288:7Mrsy90q/cr1/LzbyFExjmTYbIaMf6Mh40S8qeWqX38j8kbynmMVUrGUv5:ry1/kLnyWjmT3fZg8qxqn8jOmMVqGu5

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks