General

  • Target

    ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617

  • Size

    530KB

  • Sample

    241109-1s2qcstblr

  • MD5

    3e3d599e45bb2c85fbfd4f546429574f

  • SHA1

    8e421788369b15a85f9d6b8616b6837e0052c40c

  • SHA256

    ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617

  • SHA512

    2f35aa8e9f3181974188cf61910832c1b905d756fe78f69471c5933c020d233ca3a5159f40e62128c815da117f5bb608fd8af5088b3f8ae5d13309c332f09e72

  • SSDEEP

    12288:6MrFy900enD8ga9FCAPGlnE8GxtoJDYWBERB:LyOYga9QAelnE8MYYb

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617

    • Size

      530KB

    • MD5

      3e3d599e45bb2c85fbfd4f546429574f

    • SHA1

      8e421788369b15a85f9d6b8616b6837e0052c40c

    • SHA256

      ec4fdc02f3d60c37316d2d878bdb68150f02fdeeb13ac54f182913c43e4b3617

    • SHA512

      2f35aa8e9f3181974188cf61910832c1b905d756fe78f69471c5933c020d233ca3a5159f40e62128c815da117f5bb608fd8af5088b3f8ae5d13309c332f09e72

    • SSDEEP

      12288:6MrFy900enD8ga9FCAPGlnE8GxtoJDYWBERB:LyOYga9QAelnE8MYYb

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks