General

  • Target

    ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff

  • Size

    689KB

  • Sample

    241105-2c5yhs1apl

  • MD5

    2f7b42bec4ccd28ba983461cd891aa12

  • SHA1

    e0d771d585731d5978526aca70e812c104411846

  • SHA256

    ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff

  • SHA512

    3733401e77f5e9b9b7e07c7f07bb3c5353e0b6261eece14a92e005272e5449d07c38e96fa55d5752e24ad34b80d626460ffd8c54baad85808a83426d2a16f05c

  • SSDEEP

    12288:2MrSy90hmsiSf/QDXH5fhA3aHjvwutW6i0MBmBkX+4aTzNhlCQgUo8l2n:Iy6msig/wH55A3aDv7thfMsB9NO7UGn

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4
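The extracted config above is only useful once it is turned into something a detection pipeline can match on. The following Python is an added example (not part of the report or of any sandbox tooling): it normalises the family, botnet, C2 and auth_value fields plus the sample hashes into IOC sets and runs them over a handful of constructed telemetry records. The C2 and hash values are copied from the report; the event records, the process names and the non-C2 addresses (RFC 5737 TEST-NET) are constructed for illustration.

```python
"""IOC normalisation and matching for the RedLine config in this report.

Added example. Config values and hashes are the ones the sandbox extracted;
the telemetry records below are constructed, not observed.
"""

# Extracted by the sandbox (copied from the report above).
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "rosn",
    "c2": ["176.113.115.145:4125"],
    "auth_value": "050a19e1db4d0024b0f23b37dcf961f4",
}

# File hashes of the analysed sample (copied from the report above).
SAMPLE_HASHES = {
    "md5": "2f7b42bec4ccd28ba983461cd891aa12",
    "sha1": "e0d771d585731d5978526aca70e812c104411846",
    "sha256": "ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff",
}


def parse_c2(entry: str) -> tuple[str, int]:
    """Split 'host:port' into (host, port). rpartition keeps IPv6 literals intact."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host, int(port)


def build_iocs(config: dict, hashes: dict) -> dict:
    """Turn the sandbox output into lookup-friendly, case-normalised sets."""
    sockets = {parse_c2(e) for e in config["c2"]}
    return {
        "c2": sockets,
        "c2_hosts": {host for host, _ in sockets},
        "hashes": {v.lower() for v in hashes.values()},
        "auth_value": config["auth_value"].lower(),
        "botnet": config["botnet"],
    }


# Constructed telemetry (not from the report): one record per outcome so every
# branch of match_events is exercised. 192.0.2.0/24 is documentation space.
CONSTRUCTED_EVENTS = [
    {"kind": "net", "dst_ip": "176.113.115.145", "dst_port": 4125, "proc": "sample.exe"},
    {"kind": "net", "dst_ip": "176.113.115.145", "dst_port": 443, "proc": "sample.exe"},
    {"kind": "net", "dst_ip": "192.0.2.10", "dst_port": 443, "proc": "browser.exe"},
    {"kind": "file", "sha256": "DED84CE2AFA5153686591A67C502D7859D8C7A1CF150197CBB61FF3FCB9D79FF"},
    {"kind": "file", "sha256": "0" * 64},
]


def match_events(events: list[dict], iocs: dict) -> list[tuple[int, str]]:
    """Return (event index, reason) for every record that hits an IOC."""
    hits = []
    for i, ev in enumerate(events):
        if ev["kind"] == "net":
            if (ev["dst_ip"], ev["dst_port"]) in iocs["c2"]:
                hits.append((i, "exact C2 socket"))
            elif ev["dst_ip"] in iocs["c2_hosts"]:
                # Same host, different port: lower confidence, still worth triage.
                hits.append((i, "C2 host on unexpected port"))
        elif ev["kind"] == "file":
            # Hash comparisons are case-insensitive; sources disagree on casing.
            if ev["sha256"].lower() in iocs["hashes"]:
                hits.append((i, "known sample hash"))
    return hits


if __name__ == "__main__":
    iocs = build_iocs(EXTRACTED_CONFIG, SAMPLE_HASHES)
    for idx, why in match_events(CONSTRUCTED_EVENTS, iocs):
        print(f"[{why}] {CONSTRUCTED_EVENTS[idx]}")
```

The IP:port pair ages fastest; the botnet name and auth_value survive C2 rotation, so when you extract configs from further samples, pivot on those to cluster them with this one rather than on the address alone.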

Targets

    • Target

      ded84ce2afa5153686591a67c502d7859d8c7a1cf150197cbb61ff3fcb9d79ff

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
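The three behavioural signatures above (Defender real-time protection modified, a dropped EXE executed, a Run key added) map directly onto host telemetry. The Python below is an added example, not part of the report or of the sandbox's own signature engine: it runs those checks over a constructed stream of Sysmon-shaped records (Event ID 11 file create, ID 1 process create, ID 13 registry value set). The Defender value names are the real ones under the Real-Time Protection key; the file paths, process names and SID are illustrative and not values observed from this sample.

```python
"""Behavioural checks for the signatures listed above.

Added example, not from the report. Events are constructed in the shape of
Sysmon records; paths, process names and the SID are illustrative.
"""
import re

# Defender real-time protection switches an attacker sets to DWORD 1.
# Compared lower-case; registry value names are case-insensitive.
DEFENDER_RTP_VALUES = {
    "disablerealtimemonitoring",
    "disablebehaviormonitoring",
    "disableonaccessprotection",
    "disablescanonrealtimeenable",
    "disableioavprotection",
}
# Matches both the product key and the Policies\ mirror of it.
DEFENDER_RTP_PATH = re.compile(
    r"\\Microsoft\\Windows Defender\\Real-Time Protection\\([^\\]+)$", re.I)
RUN_KEY_PATH = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)


def dword_is_one(details: str) -> bool:
    """Sysmon renders DWORD values as 'DWORD (0x00000001)'."""
    m = re.fullmatch(r"DWORD \(0x([0-9a-fA-F]{8})\)", details.strip())
    return bool(m) and int(m.group(1), 16) == 1


# Constructed event stream (not from the report), in the order a dropper
# would produce it. Index 3 is a re-enable and must not fire.
CONSTRUCTED_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\u\Downloads\sample.exe",
     "TargetFilename": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\payload.exe",
     "ParentImage": r"C:\Users\u\Downloads\sample.exe"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender"
     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender"
     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    {"EventID": 13, "TargetObject": r"HKU\S-1-5-21-1000\SOFTWARE\Microsoft"
     r"\Windows\CurrentVersion\Run\payload",
     "Details": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def detect(events: list[dict]) -> list[tuple[int, str]]:
    """Run the checks over an ordered event stream; return (index, tag) pairs.

    'Executes dropped EXE' is stateful: a process-create only counts when its
    image path was seen earlier in the stream as a file-create target.
    """
    dropped: set[str] = set()
    findings = []
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            if ev["Image"].lower() in dropped:
                findings.append((i, "dropped_exe_executed"))
        elif eid == 13:
            target = ev["TargetObject"]
            m = DEFENDER_RTP_PATH.search(target)
            if m and m.group(1).lower() in DEFENDER_RTP_VALUES \
                    and dword_is_one(ev["Details"]):
                findings.append((i, "defender_rtp_disabled"))
            elif RUN_KEY_PATH.search(target):
                findings.append((i, "run_key_persistence"))
    return findings


if __name__ == "__main__":
    for idx, tag in detect(CONSTRUCTED_EVENTS):
        print(f"{tag}: {CONSTRUCTED_EVENTS[idx]}")
```

The Run-key check fires on any value written under Run or RunOnce, which is what the sandbox signature does too; in production you would at least rank hits whose data points into a user-writable directory above installer noise.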
