General

  • Target

    0eeac94c8b9e01558d3103577453e8e6d6f78dc43e12f396de364bf3eb277806

  • Size

    670KB

  • Sample

    241105-2wrv1azgnb

  • MD5

    7962d075943d615565123b7bf64e5990

  • SHA1

    1e0651afdbed664db94b3b941f1ea23ba47e6b3a

  • SHA256

    0eeac94c8b9e01558d3103577453e8e6d6f78dc43e12f396de364bf3eb277806

  • SHA512

    08ea393b159a929c8b7f608f6dbd0b697c123b7ddcac5821e8950c0ec2fdc2aed72fb2bb7c3ccab8a8c3c4aec609d11059110463fb4cb1c28333eeee3470017f

  • SSDEEP

    12288:+Mr2y90YwWQwC/uoMS+kTKrh+wRjxSgxMpcznL2TtAAL:MynxYuoRP6RjxSvpcLLstAAL

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks