General

  • Target

    de107f0e5b1a27237f8aeeed095d03e0784f46b6ce5e843da2679151effe4788

  • Size

    678KB

  • Sample

    241109-ebx5yszkcp

  • MD5

    97d73bccc11d2720aa98bd529b7b5802

  • SHA1

    27d5cfa30e27a615cde68fcadddf6211b140418c

  • SHA256

    de107f0e5b1a27237f8aeeed095d03e0784f46b6ce5e843da2679151effe4788

  • SHA512

    62775cf93bea967c644de805221a47b3def8d80cc549a561f5cd6b69a6444ec2c912cf9f4179c8a6501ef6ed78ec3fb5b8b68c57d7c79e1895ebfbb3cbf988d7

  • SSDEEP

    12288:aMrcy90NqzHjjVEAs3D3dbNsBqtwC+ly/dhY27By:KydHu5hSBxC+8nYH

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
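
The extracted config above (C2 176.113.115.145:4125) and the three behaviours the sandbox flagged (Defender real-time protection modified, dropped EXE executed, Run key added) are enough to hunt for this sample on endpoint telemetry. The script below is an added example, not part of the sandbox report and not code from the RedLine or Healer families; it assumes Sysmon events exported as one JSON object per line (EventID 1 process create, 3 network connect, 13 registry value set), and the registry value names it looks for are the ones commonly flipped to disable real-time protection, since the report does not say which values this sample writes. The events in SAMPLE_EVENTS are constructed for illustration, not captured telemetry.

```python
"""Hunting helper built from the indicators in this report (added example, not report code)."""
import hashlib
import ipaddress
import json
import re
from collections import Counter

# Indicators copied from the report.
C2 = "176.113.115.145:4125"
HASHES = {
    "MD5": "97d73bccc11d2720aa98bd529b7b5802",
    "SHA1": "27d5cfa30e27a615cde68fcadddf6211b140418c",
    "SHA256": "de107f0e5b1a27237f8aeeed095d03e0784f46b6ce5e843da2679151effe4788",
}

# Registry values commonly set to 1 to turn off Defender real-time protection.
# Assumption: the report says only that RTP settings are modified, not which values.
DEFENDER_RTP_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection"
DEFENDER_RTP_VALUES = {
    "DisableRealtimeMonitoring", "DisableBehaviorMonitoring",
    "DisableOnAccessProtection", "DisableIOAVProtection", "DisableScanOnRealtimeEnable",
}
# Any value written directly under ...\CurrentVersion\Run or \RunOnce, in HKLM or a user hive.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)


def parse_c2(value: str) -> tuple[str, int]:
    """Turn the extractor's 'ip:port' string into a validated (ip, port) pair."""
    host, _, port = value.rpartition(":")
    ip = ipaddress.ip_address(host)  # raises ValueError on a malformed address
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port: {port}")
    return str(ip), port_num


def classify_event(event: dict, c2: tuple[str, int] = parse_c2(C2)) -> list[str]:
    """Return the report behaviours one Sysmon event matches (a registry event can match two)."""
    hits = []
    eid = event.get("EventID")
    if eid == 1:
        # Sysmon formats Hashes as "MD5=...,SHA256=...": compare every algorithm we have.
        seen = dict(p.split("=", 1) for p in event.get("Hashes", "").split(",") if "=" in p)
        if any(seen.get(alg, "").lower() == val for alg, val in HASHES.items()):
            hits.append("known_sample_executed")
    elif eid == 3:
        dst = (event.get("DestinationIp"), int(event.get("DestinationPort", 0)))
        if dst == c2:
            hits.append("c2_connection")
    elif eid == 13:
        target = event.get("TargetObject", "")
        key, _, name = target.rpartition("\\")
        if (key.lower() == DEFENDER_RTP_KEY.lower() and name in DEFENDER_RTP_VALUES
                and event.get("Details", "").endswith("(0x00000001)")):
            hits.append("defender_rtp_disabled")
        if RUN_KEY_RE.search(target):
            hits.append("run_key_persistence")
    return hits


def hunt(lines) -> Counter:
    """Count behaviours across JSON-lines Sysmon output; lines that are not JSON are skipped."""
    counts = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        counts.update(classify_event(event))
    return counts


def hash_matches(data: bytes) -> dict[str, bool]:
    """Check a file's bytes against the report's hashes before treating it as the same sample."""
    digests = {"MD5": hashlib.md5(data), "SHA1": hashlib.sha1(data), "SHA256": hashlib.sha256(data)}
    return {alg: digests[alg].hexdigest() == HASHES[alg] for alg in HASHES}


# Constructed sample events (not real telemetry); only the hashes and C2 come from the report.
SAMPLE_EVENTS = [
    json.dumps({"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\setup.exe",
                "Hashes": "MD5=97d73bccc11d2720aa98bd529b7b5802,"
                          "SHA256=de107f0e5b1a27237f8aeeed095d03e0784f46b6ce5e843da2679151effe4788"}),
    json.dumps({"EventID": 13, "TargetObject": DEFENDER_RTP_KEY + r"\DisableRealtimeMonitoring",
                "Details": "DWORD (0x00000001)"}),
    json.dumps({"EventID": 13, "Details": r"C:\Users\victim\AppData\Roaming\updater.exe",
                "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\updater"}),
    json.dumps({"EventID": 3, "DestinationIp": "176.113.115.145", "DestinationPort": "4125"}),
    json.dumps({"EventID": 3, "DestinationIp": "176.113.115.145", "DestinationPort": "443"}),  # other port: no hit
    "this line is not json",
]

if __name__ == "__main__":
    for behaviour, n in sorted(hunt(SAMPLE_EVENTS).items()):
        print(f"{behaviour}: {n}")
```

Feed real Sysmon JSON lines to hunt() to get a per-behaviour count; a host that shows defender_rtp_disabled together with run_key_persistence and c2_connection is worth isolating even if the process hash differs, since repacked RedLine builds keep the same C2 and persistence pattern while the file hash changes.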

MITRE ATT&CK Enterprise v15

Tasks