General

  • Target

    4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007eN

  • Size

    516KB

  • Sample

    241109-eh47vaxcjq

  • MD5

    426a3f0dd5122b23c5858119205cf7d0

  • SHA1

    e0626ad2b1a6409ffbfe6576d9d79e578ca6128b

  • SHA256

    4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007e

  • SHA512

    d2964d3b46f992a0a77bd25184bfcce76000016e7319f61e58f1f40aac58796b69ef1e7730099a5bb220270497742acf6b723f16b372333bef7cac8c70e4723d

  • SSDEEP

    12288:6MrDy90IywERk7Rm559ohUohGcAxJQTrqjpT0o3RngDpmtmP:Zybp7Rm5SBfrmhBnEpmm

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007eN

    • Size

      516KB

    • MD5

      426a3f0dd5122b23c5858119205cf7d0

    • SHA1

      e0626ad2b1a6409ffbfe6576d9d79e578ca6128b

    • SHA256

      4d5d16a4a40511084473b6763484b89f87b84101a7562bd76938b6514a4e007e

    • SHA512

      d2964d3b46f992a0a77bd25184bfcce76000016e7319f61e58f1f40aac58796b69ef1e7730099a5bb220270497742acf6b723f16b372333bef7cac8c70e4723d

    • SSDEEP

      12288:6MrDy90IywERk7Rm559ohUohGcAxJQTrqjpT0o3RngDpmtmP:Zybp7Rm5SBfrmhBnEpmm

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks