General

  • Target

    9979ea53831558315a23b3364c8e41159c2ced9de8554e29c88ae290114c9ecd

  • Size

    536KB

  • Sample

    241105-2rh3aszfnh

  • MD5

    47673b61583a22cdc5248aeec87baa99

  • SHA1

    e6b4aa4c7b5a78366d91d6db5babf352dc386c26

  • SHA256

    9979ea53831558315a23b3364c8e41159c2ced9de8554e29c88ae290114c9ecd

  • SHA512

    141857be13dd8fefb8b7875f09ab6c6320aa612a0cb5086208b858ff8db7fb904cebe165e7a076042555b9a6b62f0ba2e44c291f1517b78f59420b8df38a74f7

  • SSDEEP

    12288:sMrmy90Z0XF/IFPtCrgZKU13KNNzvLnuiLf15ww:CybZIt6gR16NNn515ww

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      9979ea53831558315a23b3364c8e41159c2ced9de8554e29c88ae290114c9ecd

    • Size

      536KB

    • MD5

      47673b61583a22cdc5248aeec87baa99

    • SHA1

      e6b4aa4c7b5a78366d91d6db5babf352dc386c26

    • SHA256

      9979ea53831558315a23b3364c8e41159c2ced9de8554e29c88ae290114c9ecd

    • SHA512

      141857be13dd8fefb8b7875f09ab6c6320aa612a0cb5086208b858ff8db7fb904cebe165e7a076042555b9a6b62f0ba2e44c291f1517b78f59420b8df38a74f7

    • SSDEEP

      12288:sMrmy90Z0XF/IFPtCrgZKU13KNNzvLnuiLf15ww:CybZIt6gR16NNn515ww

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks