General

  • Target

    723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09

  • Size

    534KB

  • Sample

    241105-2ld66azeng

  • MD5

    4bbdbbdb555203d13f5b6094b446953c

  • SHA1

    ee1dd1f69f7c0ccdd500867fe7ab15c0f19caf99

  • SHA256

    723955a5723d44e3c6635905be1acda8990dd1a3782be9c782b5519d26c7cf09

  • SHA512

    0dc44316b0de09c1c24c7909c9858998c62233da670fbfe162712211b34a14110c408baf127fac6a4732825e0d16f4006d1569173eff4da4b47c12809693aa8c

  • SSDEEP

    12288:SMrEy90UYsIl+YDAA7gaUb4HNpeRa3melpmu0mX:iyDldFa84tMRalbm2X

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks