General

  • Target

    ade28eb6b6a1e6c8932e45025811aa0a57c04232f78061f6ab4a49f9bc6895d0

  • Size

    559KB

  • Sample

    241104-zk5llsxara

  • MD5

    fc46757b8f3bda5e64f99adc84cf0a67

  • SHA1

    812b519ef819a86aeb2ffae9d023e59bf2976b8a

  • SHA256

    ade28eb6b6a1e6c8932e45025811aa0a57c04232f78061f6ab4a49f9bc6895d0

  • SHA512

    f333d49d40cdb1b555db4764e68e173c1c2ccd80035c636651b09039d30763dcf8cef11563d8065cdb2d90bc9e622ebd8c6a0faf6abdab9a21335fb0c15e8148

  • SSDEEP

    12288:+Mr8y90V+wTFK4fjpl8M4BpQwEaggNMYHfO68A7s9ykjs6:2yETTkOj4lkgNMO157YB

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    (Target, size and hashes are identical to those listed under General above.)

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks