General

  • Target: 7a48648f003a6e73df32a03ca23bba789f1f683b20cb3ab25f95ff4f3b5cfb1a
  • Size: 666KB
  • Sample: 241109-ejtgqsxcll
  • MD5: 12a553c0debd8d4dfe440f83a2b8f967
  • SHA1: dcbdd03f6c5ca62d2b1503a9df0d0f8b33b90698
  • SHA256: 7a48648f003a6e73df32a03ca23bba789f1f683b20cb3ab25f95ff4f3b5cfb1a
  • SHA512: 99604ba2697e750aef18c1d37bdd20893b21e5b9a196a86d9d70d87561bc9a681b96ffa1dc5bd7074fd5d1dc93b1245329cc67bad2ac5249ca70ab98d8975f59
  • SSDEEP: 12288:XMrmy90Urv+VTJ+Gi9N/djJ2CaaNiW67groJNPpFlCVUs0zVVrU1po/wNFjoVA3G:lyBrv+VZMNS4NiNgWHT0DuVrSGw7j8YG

Malware Config

Extracted

Family: redline
Botnet: rosn
C2: 176.113.115.145:4125

Attributes
  • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks