General

  • Target: b6e6d611d49423cfe42364d2343be3e09b02f3d5aa23ce204d6405ab30a919ad
  • Size: 659KB
  • Sample: 241109-enffnszmfl
  • MD5: dfbcef3e6acde41bf0fb805ce98da0bc
  • SHA1: 6d831cb3b54c784eeb716e834617d5dca05b64ce
  • SHA256: b6e6d611d49423cfe42364d2343be3e09b02f3d5aa23ce204d6405ab30a919ad
  • SHA512: 1e39d075071f7ac66c8aaed9aa2772a60068bb070d6bb471e84814204434fe3bb30d8c9e9642ecff1f0d013ecb20416dd3740a7356b2485dba6df097dbc7dd3c
  • SSDEEP: 12288:bMruy90lUbsuOqp/dZGmktIoLCWyCqG8kTMJaz05sMrLiPi3aWP38nPJeF:RyQ7wHtkmoLfyxk4AzksM6Pi3538PJeF

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer is an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks