General

  • Target

    0c9564966bd966758cce5181e66d8929d340f5dd29c4bf9e33a1bc61df1271ec

  • Size

    677KB

  • Sample

    241109-ebf7faxapq

  • MD5

    5ea32efcddfa436f719170eec349479f

  • SHA1

    8edb006783f5b544e30d4277de0a6d1fa0b0edda

  • SHA256

    0c9564966bd966758cce5181e66d8929d340f5dd29c4bf9e33a1bc61df1271ec

  • SHA512

    7f9f802696b7795fe9b88be934519b211ce841c3d6b24c1ed6face99008da48f073b976e4b29152ef98aa3ea7815d4239fc3703d1eb2eaf08d1d11b7b8e0fe7c

  • SSDEEP

    12288:pMr+y90CBLEf6KHVLZzxCSB6KcOlKEWxxmv2/QDVqBCvE9/ImIfbmE7Y+X:XynJw6Q1pg7yvYC89QmebmEjX

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      0c9564966bd966758cce5181e66d8929d340f5dd29c4bf9e33a1bc61df1271ec

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
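
The signatures above name three host-side behaviours (Defender real-time protection settings modified, a dropped EXE executed, a Run key added) plus one network indicator (the C2 from the extracted config). The script below is an added triage example, not part of the sandbox report or its tooling: it scans a plain-text registry export in the form "HIVE\Key\Path\ValueName = data" and a netstat-style connection list for those behaviours. The Defender policy path and the Run/RunOnce keys are the standard Windows locations; the value names checked are the documented real-time protection policy flags; the user-writable-directory test is a heuristic. The C2 address comes from this report; all sample input at the bottom is constructed.

```python
"""Triage helper for the behaviours this report's signatures name.

Added example, not part of the sandbox report. It scans a plain-text
registry export ("HIVE\\Key\\Path\\ValueName = data") and a netstat-style
connection list for three things: Defender Real-Time Protection policy
tampering, a Run-key entry pointing at an executable in a user-writable
path, and a connection to the C2 from the extracted RedLine config.
The sample input at the bottom is constructed for illustration.
"""
import re
from dataclasses import dataclass, field

# Taken from the report's extracted config.
C2_HOST, C2_PORT = "176.113.115.145", 4125

# Standard Defender policy path and the flags that turn real-time protection off.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_FLAGS = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection",
    "DisableScanOnRealtimeEnable",
}
# Standard per-user / per-machine autostart keys.
RUN_KEY_SUFFIXES = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)
# Directories a dropped EXE usually lands in; a heuristic, not a rule.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)

REG_LINE = re.compile(r"^(?P<key>[^=]+?)\\(?P<name>[^\\=]+?)\s*=\s*(?P<data>.*)$")
CONN_LINE = re.compile(r"^\s*TCP\s+\S+\s+(?P<rhost>[\d.]+):(?P<rport>\d+)\s+(?P<state>\S+)")


@dataclass
class Findings:
    defender_tamper: list = field(default_factory=list)
    run_key_persistence: list = field(default_factory=list)
    c2_connections: list = field(default_factory=list)

    def hits(self) -> int:
        return (len(self.defender_tamper) + len(self.run_key_persistence)
                + len(self.c2_connections))


def _flag_is_set(data: str) -> bool:
    """Accept '1', '0x1' or zero-padded hex as written by common reg exporters."""
    try:
        return int(data.split(":")[-1], 16) == 1
    except ValueError:
        return False


def check_registry(lines, findings: Findings) -> None:
    for line in lines:
        m = REG_LINE.match(line.strip())
        if not m:
            continue
        key, name, data = m["key"], m["name"], m["data"].strip()
        if key.lower() == DEFENDER_RTP_KEY.lower() and name in DEFENDER_RTP_FLAGS:
            if _flag_is_set(data):
                findings.defender_tamper.append(f"{name}={data}")
        elif key.lower().endswith(tuple(s.lower() for s in RUN_KEY_SUFFIXES)):
            if USER_WRITABLE.search(data):
                findings.run_key_persistence.append(f"{name} -> {data}")


def check_connections(lines, findings: Findings) -> None:
    for line in lines:
        m = CONN_LINE.match(line)
        if m and m["rhost"] == C2_HOST and int(m["rport"]) == C2_PORT:
            findings.c2_connections.append(f"{m['rhost']}:{m['rport']} {m['state']}")


def triage(registry_lines, connection_lines) -> Findings:
    findings = Findings()
    check_registry(registry_lines, findings)
    check_connections(connection_lines, findings)
    return findings


# Constructed sample input (not taken from the report).
SAMPLE_REGISTRY = [
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 0x1",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = 0x1",
    r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = 0x0",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent = C:\Program Files\Vendor\agent.exe",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater = C:\Users\alice\AppData\Local\Temp\svc.exe",
]
SAMPLE_CONNECTIONS = [
    "  TCP    10.0.0.5:49710    52.96.0.1:443          ESTABLISHED     1204",
    "  TCP    10.0.0.5:49712    176.113.115.145:4125   ESTABLISHED     4812",
]

if __name__ == "__main__":
    result = triage(SAMPLE_REGISTRY, SAMPLE_CONNECTIONS)
    for label, items in vars(result).items():
        for item in items:
            print(f"[{label}] {item}")
```

On the constructed input this reports two Defender flags set to 1, one Run-key entry pointing into a Temp directory, and one established connection to the report's C2; the flag set to 0 and the Program Files autostart are left alone. Against a real host, feed it the registry values and connection table you actually collected and adjust REG_LINE to your exporter's format; a Run-key hit in a user-writable path is a lead to pull the referenced file and hash it against the values at the top of this report, not a verdict on its own.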

MITRE ATT&CK Enterprise v15

Tasks