General

  • Target

    74ad3f022f53f9525b332c97c79b8da14911d6195afaba217d4863b5be21844b

  • Size

    678KB

  • Sample

    241104-zp6z8szlck

  • MD5

    3f9ce118bf7633f960ea4c90a3588825

  • SHA1

    213614c12e316a87f3597c3caf4dcdb64f498f08

  • SHA256

    74ad3f022f53f9525b332c97c79b8da14911d6195afaba217d4863b5be21844b

  • SHA512

    a5d391fd7598147caa7a31a71c4fec1b236632f02b9c10305aa56471abf76e144a3809ce11fb97a41931776bd2cd673de47f841472f41a7de7c2e0f0a42f8a37

  • SSDEEP

    12288:BMrby90mCyzA5f4WxHW21cfGoK06lLjEc/F1Tds3pEuGpxvIHBYC:myNCyzuQWBM0LF/23pAIHl

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks