General

  • Target

    ff5bb9c77ce1783a00aa8908e7fe12aba9a085d60d4294685520234952646c74

  • Size

    695KB

  • Sample

    241105-2r3fyazkcx

  • MD5

    399dac108b9fd8da34f8579cd6521bb9

  • SHA1

    6b5bfda81085869f3fa761691abe4dded2100209

  • SHA256

    ff5bb9c77ce1783a00aa8908e7fe12aba9a085d60d4294685520234952646c74

  • SHA512

    8573cab7778d498eb08c03db8b79c5ced4ee27e713ab6efc2799f4500f323dda027fdfe78f97fa0593e17d71e39b59c49ffa5b54c7c90db062dd55e8f829dc49

  • SSDEEP

    12288:kMrvy90V5ibYrqBJpolQkkjRHkcvDtEaSf7MRNZDA1B1/t1zq5MJmHHmxsHheTmI:TyvcGsPWRE0xyMpAxt1qWQGxo0iI

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RedLine family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks