General

  • Target

    7733d78e69ed9ae3d51684345e5fda74c6e6cfdf04c81bee5ec4959ce061dced

  • Size

    660KB

  • Sample

    241109-epv8hszmhp

  • MD5

    4dd0eb44d5acb2022e6a062685d46705

  • SHA1

    c2aee4456847bc26daa4b6891f3c5d9abd06aab6

  • SHA256

    7733d78e69ed9ae3d51684345e5fda74c6e6cfdf04c81bee5ec4959ce061dced

  • SHA512

    a7b20469692e99ceacb2c8d93e234ec4970bf8f461cf4c52c9f4524cd4f723f17411b253bc32d0d4255af40800b65b46f09cb42e409a56cf779199bdca94418c

  • SSDEEP

    12288:eMrqy90LSfLM4Lr6NvnXUQSNHPhg+vGPav1bogD7i9Q1lh/R:syQ4EnXUQSNPuj+zh/R

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes
  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Target

      7733d78e69ed9ae3d51684345e5fda74c6e6cfdf04c81bee5ec4959ce061dced

    • Size

      660KB

    • MD5

      4dd0eb44d5acb2022e6a062685d46705

    • SHA1

      c2aee4456847bc26daa4b6891f3c5d9abd06aab6

    • SHA256

      7733d78e69ed9ae3d51684345e5fda74c6e6cfdf04c81bee5ec4959ce061dced

    • SHA512

      a7b20469692e99ceacb2c8d93e234ec4970bf8f461cf4c52c9f4524cd4f723f17411b253bc32d0d4255af40800b65b46f09cb42e409a56cf779199bdca94418c

    • SSDEEP

      12288:eMrqy90LSfLM4Lr6NvnXUQSNHPhg+vGPav1bogD7i9Q1lh/R:syQ4EnXUQSNPuj+zh/R

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks