General

  • Target

    0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a

  • Size

    667KB

  • Sample

    241105-qnc64a1hka

  • MD5

    14c8c8c6c58f3b9fe4105be627151a30

  • SHA1

    00c8abd9aaae7b1e17beb9c735b24ccf4555f825

  • SHA256

    0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a

  • SHA512

    352aa9d8eb4f7c4d0d9afbae5902dde489bf68c29d55afa5379b0234eed075bbe171d957fc9b0ab11f1d8dc369d27a38d6520b33d821e64953f0bc3dc2384323

  • SSDEEP

    12288:xMrwy90GWDXe2GAKTLiyk0uSIeFchdMzAYiHqwDRjN2escsvs62C3k9c+t6udjv:FyIVBKiauIsdTKCLsvs62C3kCc6CL

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a

    • Size

      667KB

    • MD5

      14c8c8c6c58f3b9fe4105be627151a30

    • SHA1

      00c8abd9aaae7b1e17beb9c735b24ccf4555f825

    • SHA256

      0838cba9c684992cdbc45e0335eb5d0b74f59d0dcc05a7ec78516d2148add43a

    • SHA512

      352aa9d8eb4f7c4d0d9afbae5902dde489bf68c29d55afa5379b0234eed075bbe171d957fc9b0ab11f1d8dc369d27a38d6520b33d821e64953f0bc3dc2384323

    • SSDEEP

      12288:xMrwy90GWDXe2GAKTLiyk0uSIeFchdMzAYiHqwDRjN2escsvs62C3k9c+t6udjv:FyIVBKiauIsdTKCLsvs62C3kCc6CL

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks