General

  • Target

    06439e37a05c2865479c9f14e8fbd01beaf97d1700be9e48574b7f0968879f16

  • Size

    660KB

  • Sample

    241109-ejmzyswnfv

  • MD5

    cfb46ea2c280872c2457a32829704e36

  • SHA1

    fbbc4ffabb1b865cc89e006924a8e6a4e01bd715

  • SHA256

    06439e37a05c2865479c9f14e8fbd01beaf97d1700be9e48574b7f0968879f16

  • SHA512

    c23984ec0cd59b478203b83dc12133fa1b4359e7227368e5ca974a7196f41833062755a776a261e8c5f82e8e5630ed88f8f4bee3cabc5965ab2ed8982b0d3627

  • SSDEEP

    12288:wMrcy90WpSc0R6M+EiiH3l86crIrqukW5PRFl0dBVF6w6Ekzm0zQM2TCj:8yNpTd432Irqi55E6w6EkzxrECj

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks