General

  • Target

    641b8d75c77cb2dc272f3cb5c5a3275ac48070280d955f67c017b81c1a2c3a87

  • Size

    671KB

  • Sample

    241109-ehxsrswnes

  • MD5

    5ebd967080fa049323b7caa81374e20d

  • SHA1

    1e5a54eb0b92ef9735344379de3ca6d968a57155

  • SHA256

    641b8d75c77cb2dc272f3cb5c5a3275ac48070280d955f67c017b81c1a2c3a87

  • SHA512

    ff217c2b94b117446f124b16275cf07a98f3dc8d2bbcecce96bfca6a43a2327c2da43b57689be1d2f1e2e638b83fd2172058f5e7c1e944eae592d4e345aad584

  • SSDEEP

    12288:QMr0y90Zv0DMN3sILja0vCcmiNicQPSTSt59UrwV28CWaoft/jumes:0yoM4N5a0RgLWSt5uC2pWZB1

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks