General

  • Target

    aa9fb5a8d2a7160979dda5f23dbaa92ffa7c8bf87d699997d97909d042eb1ee5

  • Size

    537KB

  • Sample

    241109-el6vvazmdl

  • MD5

    f18afc272e40d68a5f878d3a6a8e8c3e

  • SHA1

    43827ae6a2509b58b6eed66b49ea3b172bb6058c

  • SHA256

    aa9fb5a8d2a7160979dda5f23dbaa92ffa7c8bf87d699997d97909d042eb1ee5

  • SHA512

    abf16ac0194c99c5ca44599e11c27b62de08277a238abafdd858e12f62d6f11ac24e308984c153f09681bee16d7ddaa8a910cf43649219d56d07d58a8ab98d3b

  • SSDEEP

    12288:xMrny90hV4kuIFbgi6tKrKQjvhhx6TfyAdL4IzGbOKB:6yL4EcKQjv4fyAhflq

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks