General

  • Target

    97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91

  • Size

    660KB

  • Sample

    241109-egfg4azlbm

  • MD5

    02304003ed52c215d0cf7a51bb3d0314

  • SHA1

    6f85811442632371840c251a21140e320e957c67

  • SHA256

    97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91

  • SHA512

    16a9c1f908a341518761ecb957831d900b2555f3bb8f14aff5b729259a5f5289383a972075214fff2a8901ac72c58e17fc46599199b9b9d60ff6634059c8415b

  • SSDEEP

    12288:oMr6y90kayUBlXZ/H7q+n4b1H+oxloPpdSGPtNALZztX:yyoyiZf7rn4peTpxPtNA9F

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91

    • Size

      660KB

    • MD5

      02304003ed52c215d0cf7a51bb3d0314

    • SHA1

      6f85811442632371840c251a21140e320e957c67

    • SHA256

      97e98342be8ffedf722a3598239d99306899d3c6411a29c5bb637f459a01bf91

    • SHA512

      16a9c1f908a341518761ecb957831d900b2555f3bb8f14aff5b729259a5f5289383a972075214fff2a8901ac72c58e17fc46599199b9b9d60ff6634059c8415b

    • SSDEEP

      12288:oMr6y90kayUBlXZ/H7q+n4b1H+oxloPpdSGPtNALZztX:yyoyiZf7rn4peTpxPtNA9F

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks