General

  • Target

    fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272

  • Size

    537KB

  • Sample

    241105-z1l47s1nbm

  • MD5

    eb40b9eccbc51734f126141c0220f3c8

  • SHA1

    06040857c23601acf0894ecb913a120e11f10a13

  • SHA256

    fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272

  • SHA512

    9d805f4640355a86200787cff58aab53cf6d3600959197702eb11614456c54f6f83bb2787f1bcb915fe3889f08ac528935dc7fb87cc861e50bf0c0fe95947e60

  • SSDEEP

    12288:YMrGy904oMwPE6CS255C56x2gUCgHPwQ4qMMBQtlfyb:Oyux86ta5C56cg+vwJqDQpo

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272

    • Size

      537KB

    • MD5

      eb40b9eccbc51734f126141c0220f3c8

    • SHA1

      06040857c23601acf0894ecb913a120e11f10a13

    • SHA256

      fd554d6557eb9c5f64e0c28df059f6e4f45459eb94cfe7b7ac5421f617917272

    • SHA512

      9d805f4640355a86200787cff58aab53cf6d3600959197702eb11614456c54f6f83bb2787f1bcb915fe3889f08ac528935dc7fb87cc861e50bf0c0fe95947e60

    • SSDEEP

      12288:YMrGy904oMwPE6CS255C56x2gUCgHPwQ4qMMBQtlfyb:Oyux86ta5C56cg+vwJqDQpo

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks