General

  • Target

    45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1

  • Size

    925KB

  • Sample

    241105-vfm4jsxmdj

  • MD5

    d9dc7edc38c1e4ef9628e11e343181dc

  • SHA1

    0b6d224321e8bc596094d017003581fa734e4380

  • SHA256

    45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1

  • SHA512

    9eb3eec555d1cc721d8a526d4cc3d27199706a9c669777814a578086149690224a8b0b40ad378fd9061d13df7bead9acd9328c9f4ec601247c2011995c6f4d73

  • SSDEEP

    24576:qynzRyx/19l7/yzHGJQrN660lPri/SWiEAPCc:xnk5LlbyrwU0p9rAj

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1

    • Size

      925KB

    • MD5

      d9dc7edc38c1e4ef9628e11e343181dc

    • SHA1

      0b6d224321e8bc596094d017003581fa734e4380

    • SHA256

      45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1

    • SHA512

      9eb3eec555d1cc721d8a526d4cc3d27199706a9c669777814a578086149690224a8b0b40ad378fd9061d13df7bead9acd9328c9f4ec601247c2011995c6f4d73

    • SSDEEP

      24576:qynzRyx/19l7/yzHGJQrN660lPri/SWiEAPCc:xnk5LlbyrwU0p9rAj

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
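
The signatures listed above (Defender real-time protection tampering, a Run key for persistence, execution of the dropped sample, and the beacon to the extracted C2) are what an analyst hunts for in endpoint telemetry after a report like this one. The Python below is an added example, not part of this report or of the sandbox tooling: it runs a small detection over constructed Sysmon-style events (registry value set, network connection, process creation) invented here to mirror those signatures. The event field names follow Sysmon's schema, the Defender value names are the standard ones under the Real-Time Protection policy key, and the SID, paths and file names in the sample events are placeholders; the C2 address, port and SHA256 are copied from the report.

```python
import json
import re
import sys

# Indicators copied from the extracted config and hash block of this report.
SAMPLE_SHA256 = "45ec395361ed774e04992e440c867dff75c6c13dc00768d0f85aa6d2da48e1f1"
C2_IP, C2_PORT = "176.113.115.145", 4125

# Policy values under this key that, when set to 1, switch off Defender
# real-time protection components. A dropper writing any of them matches the
# "Modifies Windows Defender Real-time Protection settings" behaviour.
DEFENDER_RTP_KEY = r"\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring",
    "DisableBehaviorMonitoring",
    "DisableIOAVProtection",
    "DisableOnAccessProtection",
    "DisableScanOnRealtimeEnable",
}

# Any value written directly under a Run or RunOnce key (HKLM or a user hive,
# which Sysmon logs as HKU\<SID>\...) is the "Adds Run key" behaviour.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$",
    re.IGNORECASE,
)


def classify(event):
    """Return the list of findings for one Sysmon-style event (a dict)."""
    findings = []
    eid = int(event.get("EventID", 0))

    if eid == 13:  # RegistryEvent (Value Set)
        target = event.get("TargetObject", "")
        key, _, value_name = target.rpartition("\\")
        details = event.get("Details", "")
        if (key.lower().endswith(DEFENDER_RTP_KEY.lower())
                and value_name in DEFENDER_RTP_VALUES
                and details.startswith("DWORD (0x00000001)")):
            findings.append(f"defender_rtp_tamper:{value_name}")
        if RUN_KEY_RE.search(target):
            findings.append(f"run_key_persistence:{value_name}")

    elif eid == 3:  # NetworkConnect
        if (event.get("DestinationIp") == C2_IP
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            findings.append("redline_c2_connect")

    elif eid == 1:  # ProcessCreate; Sysmon writes hashes as "SHA256=<HEX>"
        if f"SHA256={SAMPLE_SHA256.upper()}" in event.get("Hashes", "").upper():
            findings.append("known_sample_executed")

    return findings


def hunt(events):
    """Run classify() over an iterable of event dicts; return (EventID, finding) pairs."""
    hits = []
    for ev in events:
        for finding in classify(ev):
            hits.append((int(ev["EventID"]), finding))
    return hits


# Constructed sample events (placeholder SID, paths and names), not sandbox output.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\sample.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256.upper()}"},
    {"EventID": 13, "Details": "DWORD (0x00000001)",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring"},
    {"EventID": 13, "Details": r"C:\Users\victim\AppData\Roaming\updater.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 3, "DestinationIp": C2_IP, "DestinationPort": str(C2_PORT)},
    # Two benign events that must not fire.
    {"EventID": 13, "Details": r"C:\Users\Public\Desktop",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion"
                     r"\Explorer\Shell Folders\Common Desktop"},
    {"EventID": 3, "DestinationIp": "8.8.8.8", "DestinationPort": "53"},
]


if __name__ == "__main__":
    # Read JSON-lines events from stdin if provided, else use the sample set.
    if not sys.stdin.isatty():
        events = [json.loads(l) for l in sys.stdin if l.strip()]
    else:
        events = SAMPLE_EVENTS
    for eid, finding in hunt(events):
        print(f"EventID {eid}: {finding}")
```

The Defender check deliberately requires the value to be a DWORD of 1, so a tool that resets the policy to 0 is not reported as tampering; the Run key check fires on any write under Run or RunOnce, because the dropped executable's path is not known ahead of time and the value name is attacker-chosen.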

MITRE ATT&CK Enterprise v15

Tasks