General

  • Target

    eec8006a53c5f85c442040a9e30d8b26a258b0668084ae6fe599307453b38f58

  • Size

    660KB

  • Sample

    241109-ejjyasxckn

  • MD5

    79a5863a02f199f27042a337b2266f1d

  • SHA1

    dfff750dd89cb4b7e5f515ba7834d0a148584ab1

  • SHA256

    eec8006a53c5f85c442040a9e30d8b26a258b0668084ae6fe599307453b38f58

  • SHA512

    fc7e745cb485c816c7f4feffabdb3dc1c06c93517ce122327db3cbaa4436064346f7e1b5378368d6bf833f830d1290a99157dd7f1df246fd5e89099d1bf918d2

  • SSDEEP

    12288:PMrQy90WkuILsbe5vFYFIVNFZkgujQxN3bazBolTLfEg7aSoP9m:jybkb4YA3j4azBoNleSoP9m

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks