General

  • Target

    5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039

  • Size

    537KB

  • Sample

    241109-1s387atbmj

  • MD5

    220c5c1cb6d096731ca06bbf6a8166ca

  • SHA1

    a5ea81da3e1c7d0eaae134e8f0edbc57a74a2a89

  • SHA256

    5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039

  • SHA512

    0652dca84feba0df31e3b445ea146bebfa01550a26c60a825c58a4c7d7edddc15cb63e67825a6f34fb3700206cd343d7df6d46b38de00c3a0f00880ccc7c6b98

  • SSDEEP

    12288:DMrqy90s+C7/xLg1jtlJIM5NPzq91nL0kj6PTVsM:Vyr+NGM5NPcn3+LVD

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039

    • Size

      537KB

    • MD5

      220c5c1cb6d096731ca06bbf6a8166ca

    • SHA1

      a5ea81da3e1c7d0eaae134e8f0edbc57a74a2a89

    • SHA256

      5c0c3dde28861de579ed74ff3a54612531b9a40efda6d6b12e52ec742ee22039

    • SHA512

      0652dca84feba0df31e3b445ea146bebfa01550a26c60a825c58a4c7d7edddc15cb63e67825a6f34fb3700206cd343d7df6d46b38de00c3a0f00880ccc7c6b98

    • SSDEEP

      12288:DMrqy90s+C7/xLg1jtlJIM5NPzq91nL0kj6PTVsM:Vyr+NGM5NPcn3+LVD

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks