General

  • Target

    430cfb524cc09c25f675295b4e24679f6bd88efdae71683455335c71d4ded1dd

  • Size

    694KB

  • Sample

    241109-ea1vfszkbl

  • MD5

    7a601d39c4159fdae42ecedd8c10c582

  • SHA1

    4839dce26c0be8ba9632474e52076abb6a1adf67

  • SHA256

    430cfb524cc09c25f675295b4e24679f6bd88efdae71683455335c71d4ded1dd

  • SHA512

    a95195d7c1c378527baa0d1e5efadf93a5e864bbf41b4e9c117163d79fb97b6503563d504de66a556b302a9525661bc52b0d7330312d1a602f844fdfafb7a99e

  • SSDEEP

    12288:mMrYy90OA2pudFqxmFXMOeESaDzo48fmoVKI7UBlVLpqZRI1kXth+:+y0M8FqMFMOeESOkFVKcUrLqTW1

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosn

  • C2

    176.113.115.145:4125

  • Attributes

    • auth_value

      050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks