General

  • Target

    180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff

  • Size

    537KB

  • Sample

    241109-em11zszmen

  • MD5

    c5e379fcd216a4ef360b28aa10c27521

  • SHA1

    b40be5a4dd25c3c350742e6af5f27072281a6bdb

  • SHA256

    180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff

  • SHA512

    f0d7f81a392b7809f3f4e53aecaa5dec72bc0f64559b7f72e0fa931de54bf154a9776d98b2304f9fabd40d35962850638aa627e65aa4f53d4e4baabfaa342096

  • SSDEEP

    12288:jMryy90quC9seLPN/3no9qY9/LwOA3eyKzUNxHIw9WOEgP:Nyp9jP1cn/3AuyKz+ow9KgP

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff

    • Size

      537KB

    • MD5

      c5e379fcd216a4ef360b28aa10c27521

    • SHA1

      b40be5a4dd25c3c350742e6af5f27072281a6bdb

    • SHA256

      180063b136a01028edc1cd10205e8bdbe8be5b334869481a48a6b92eade591ff

    • SHA512

      f0d7f81a392b7809f3f4e53aecaa5dec72bc0f64559b7f72e0fa931de54bf154a9776d98b2304f9fabd40d35962850638aa627e65aa4f53d4e4baabfaa342096

    • SSDEEP

      12288:jMryy90quC9seLPN/3no9qY9/LwOA3eyKzUNxHIw9WOEgP:Nyp9jP1cn/3AuyKz+ow9KgP

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks