General

  • Target

    d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e

  • Size

    536KB

  • Sample

    241109-ehhnvazldl

  • MD5

    347f5d668ad22da5ac5a4c6418340d0a

  • SHA1

    08cc692dab7260ce82b1d30c31101975dd354762

  • SHA256

    d0a5150e46445d2ade0f913ffca157f9865feaa2c513c4deac3813f4ed2b7f8e

  • SHA512

    9afd580116dd15a6a42992c6ee9f11956bf9f466e1da9533b201481f3eb9fb281a5256c7de446b180a58dd1c1260c4582bc46717397c89d45e1e1c1296913c23

  • SSDEEP

    12288:PMrBy907rALyc91auglv6bsCNXzNCRoTlpcf4B:iyekL591V8CbsCNX0ohpcwB

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
