General

  • Target

    083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378

  • Size

    533KB

  • Sample

    241109-d8xd9awhqh

  • MD5

    d02ef005449d83ca849e4f2647e48aaf

  • SHA1

    c0f72e49d387bd1f4f5aadf79f2cf17767383f62

  • SHA256

    083eb4d07cc04764003bd7040ae21260de54dffcfcc0c163f935cf1bd1c8a378

  • SHA512

    4648561f3ce7dcb921373d67815ccc23b2519a624c95874f4718ab6a0df382057cf48422f37f6aa9994441768ad5db1445f9456b275941f9158e86d9f72b3ff8

  • SSDEEP

    6144:Khy+bnr+Gp0yN90QEr7D4+ekW8nZNXjZ0YcNDU1iUrreiHjzfydCVw7fD3UCx7/q:3MrGy905LuNUz0Z3U47M6DYSipFx

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks