General

  • Target

    9635a0a4359f0b7c6c8d023dcf9791a8f8fc7bdd3d04b7035f521bd26576d4ea

  • Size

    537KB

  • Sample

    241105-2yenfszgqh

  • MD5

    4c14a523953e38399e1c462cd3884a68

  • SHA1

    5e94d60ec8d4233ba54118960e93ba89826b3ca5

  • SHA256

    9635a0a4359f0b7c6c8d023dcf9791a8f8fc7bdd3d04b7035f521bd26576d4ea

  • SHA512

    ae93e40b318191a965ce154e613d5b5164f2228bae969d9e262b66e227e6cca6f4f68e702af89184958bec3e8a9e90797f5df1ef3639cc68dffe5c4d1f19bf1b

  • SSDEEP

    12288:AMrfy90mMlQiuTKPxE+iCMWkYuzdUmLHDwlzzvSrkaXsUnWA:PyPiumSCMWkVzdVjwlzz+rpnWA

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      9635a0a4359f0b7c6c8d023dcf9791a8f8fc7bdd3d04b7035f521bd26576d4ea

    • Size

      537KB

    • MD5

      4c14a523953e38399e1c462cd3884a68

    • SHA1

      5e94d60ec8d4233ba54118960e93ba89826b3ca5

    • SHA256

      9635a0a4359f0b7c6c8d023dcf9791a8f8fc7bdd3d04b7035f521bd26576d4ea

    • SHA512

      ae93e40b318191a965ce154e613d5b5164f2228bae969d9e262b66e227e6cca6f4f68e702af89184958bec3e8a9e90797f5df1ef3639cc68dffe5c4d1f19bf1b

    • SSDEEP

      12288:AMrfy90mMlQiuTKPxE+iCMWkYuzdUmLHDwlzzvSrkaXsUnWA:PyPiumSCMWkVzdVjwlzz+rpnWA

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks