General

  • Target

    58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58

  • Size

    559KB

  • Sample

    241104-zjzc7swnbt

  • MD5

    d0e65399e5a352991c28ac7e85bdd1aa

  • SHA1

    38abb9920336fd6622a1cf1aeea10c035f98e159

  • SHA256

    58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58

  • SHA512

    007bcf630354f9482d6106ca1968cab336fa465aa9e11d2d520a4ae7fc5b1a6cae556b4a636846ce43d78d0b73b2f542b8497a6a8519140df261ab3abba634f2

  • SSDEEP

    12288:2MrSy90Hr0ikfKv2f7ar3YsTEUd+pOuaejWWP8BztbcRof4i5sH7Wq/oue:QyyYS0A+phaZWP89tbNfzs6q/I

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58

    • Size

      559KB

    • MD5

      d0e65399e5a352991c28ac7e85bdd1aa

    • SHA1

      38abb9920336fd6622a1cf1aeea10c035f98e159

    • SHA256

      58744e13e11aafcd524794bc4ec3fffd6b08045b59968b0a82340c13ad81bf58

    • SHA512

      007bcf630354f9482d6106ca1968cab336fa465aa9e11d2d520a4ae7fc5b1a6cae556b4a636846ce43d78d0b73b2f542b8497a6a8519140df261ab3abba634f2

    • SSDEEP

      12288:2MrSy90Hr0ikfKv2f7ar3YsTEUd+pOuaejWWP8BztbcRof4i5sH7Wq/oue:QyyYS0A+phaZWP89tbNfzs6q/I

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks