General

  • Target

    e46ccd36f89c170ddac8e725ec3bf05541085543ce34fb72d00206d720d87660

  • Size

    678KB

  • Sample

    241109-emzg6axcrr

  • MD5

    d83b2b0a9a022220383a36a2ca5d5187

  • SHA1

    1b7dcb3e0ba0795019650a364d353e84b2ebc6eb

  • SHA256

    e46ccd36f89c170ddac8e725ec3bf05541085543ce34fb72d00206d720d87660

  • SHA512

    5c9cb3ed2f53c4d4ca1b143f15c6768f551b7d7a0a24d19670e9994b2ea63d2529f36ac9a99d72b108afc363d2934cd8a39a92f43605a8addcac8e34ea424350

  • SSDEEP

    12288:yMrIy9077forCnWWGh24whq6Mf6rhe6Fnv8j8obPHOP95V/:WyGorYWp2Fcf+Zv8jRYP/

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
