General

  • Target

    720a7e79c7f96785edff56526351296d0c89e56fc2089db04133ffe01d37372c

  • Size

    537KB

  • Sample

    241106-mtsbesyhrj

  • MD5

    63f0e25e2549036b07951a1fef9da264

  • SHA1

    4811cb89660893d26a24abba1d22484884f50f45

  • SHA256

    720a7e79c7f96785edff56526351296d0c89e56fc2089db04133ffe01d37372c

  • SHA512

    86c103d6d1e9c2acb0028d60732720835bbeb569083774b1dc013101549119c51edb33dbd81625900c2e7605bf9060c8570784e252a906c981a22cb0a626ce0e

  • SSDEEP

    12288:xMrAy90b06/mb3HxtXNrkWlyjUFpHSwaNmrMi58u4EDp1:Vy6PU3RtX8jGywoCGwr

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      720a7e79c7f96785edff56526351296d0c89e56fc2089db04133ffe01d37372c

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks