General

  • Target

    fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a

  • Size

    533KB

  • Sample

    241109-d6schswlaz

  • MD5

    9c40dab795d6ed436573113d41f502f8

  • SHA1

    bdf964aa617dfa4d12288cd718750b7ad42a4d3e

  • SHA256

    fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a

  • SHA512

    b836f184b0afe20bde550a32ca732bae01976bb5e7e7aa70f861a0fdab4db66368cb3d5cb4ac6a424c8bb95a2d543e7cb59b21b71a3fa929762bdc8c8ee2911b

  • SSDEEP

    12288:cMrjy90UAd2eiQz0ojRFKrw/PhCEJVaQ4/IeRO8R7LdBX+Cc:/yXAEKz0j8PYEWQ4QQOGG

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a

    • Size

      533KB

    • MD5

      9c40dab795d6ed436573113d41f502f8

    • SHA1

      bdf964aa617dfa4d12288cd718750b7ad42a4d3e

    • SHA256

      fa2b9c84d2f625f63f169bfb58fb3dbff093b1dfe699a1c63d86099f921ad12a

    • SHA512

      b836f184b0afe20bde550a32ca732bae01976bb5e7e7aa70f861a0fdab4db66368cb3d5cb4ac6a424c8bb95a2d543e7cb59b21b71a3fa929762bdc8c8ee2911b

    • SSDEEP

      12288:cMrjy90UAd2eiQz0ojRFKrw/PhCEJVaQ4/IeRO8R7LdBX+Cc:/yXAEKz0j8PYEWQ4QQOGG

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks