General

  • Target

    f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198

  • Size

    546KB

  • Sample

    241109-1s5r1ssldw

  • MD5

    0d314b50fb769db2ba2ea1d316663d55

  • SHA1

    3398ce34ec884489f884d1dfe7cf446e9c9011cb

  • SHA256

    f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198

  • SHA512

    2758f3d6261e9811dc3cb0ad08315f4f41fd2769184a9eeb5b2d539594ad63f8f3ba33f505e21269f89f4ea7f12a71974d7e522d4dbb18b103cdf4760ef4de6c

  • SSDEEP

    12288:aMr9y90cKmx4pD3cnBd2gpzvpfGUAUrPlgRx++M+CmHFsXvel:zywmIceojp+U/b8xa2FsXe

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198

    • Size

      546KB

    • MD5

      0d314b50fb769db2ba2ea1d316663d55

    • SHA1

      3398ce34ec884489f884d1dfe7cf446e9c9011cb

    • SHA256

      f49d5de361b354e42b53a3a35c70bc9f602bf608af055d5cc32813a2b688e198

    • SHA512

      2758f3d6261e9811dc3cb0ad08315f4f41fd2769184a9eeb5b2d539594ad63f8f3ba33f505e21269f89f4ea7f12a71974d7e522d4dbb18b103cdf4760ef4de6c

    • SSDEEP

      12288:aMr9y90cKmx4pD3cnBd2gpzvpfGUAUrPlgRx++M+CmHFsXvel:zywmIceojp+U/b8xa2FsXe

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks