General

  • Target

    a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e

  • Size

    534KB

  • Sample

    241105-2gkhdaspcl

  • MD5

    9b9a9b33a653deee40391e1bb36ade57

  • SHA1

    088bca70e5b1e5b5519395f4b342ffc13c820b23

  • SHA256

    a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e

  • SHA512

    0b451a65c6f9b1688148c1e1b4b0939db7808b07a437280041ec6d77d6b813870128d01fdf6c4938b14ca23169fa515c883d77c1ee22f41d1b58aaef39f905b1

  • SSDEEP

    12288:MMrKy90qdqcbD9cgA6zTbbW7GQvRxT+zoEyfE:Oynhcn6z3b2GIT+zifE

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e

    • Size

      534KB

    • MD5

      9b9a9b33a653deee40391e1bb36ade57

    • SHA1

      088bca70e5b1e5b5519395f4b342ffc13c820b23

    • SHA256

      a1ceded74fc0c305127fdd642c90fec29eba366567442ce2cac6211a647aab8e

    • SHA512

      0b451a65c6f9b1688148c1e1b4b0939db7808b07a437280041ec6d77d6b813870128d01fdf6c4938b14ca23169fa515c883d77c1ee22f41d1b58aaef39f905b1

    • SSDEEP

      12288:MMrKy90qdqcbD9cgA6zTbbW7GQvRxT+zoEyfE:Oynhcn6z3b2GIT+zifE

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks