General

  • Target

    b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0

  • Size

    1.1MB

  • Sample

    241109-f33p7aydmg

  • MD5

    352762141869b8a322af74d70d96b387

  • SHA1

    04cf0de3608c1452611ff67f3de5257fd0b3cd14

  • SHA256

    b9602c8eea0468f5afd346a28e66d83cc9ee540f4a8fb9dd34ed147f4cce30a0

  • SHA512

    3710990328eaf7239bfce08733b5b1f95bbe60568d8b455cbbb800eeca17d9f6da3d558d359574815f64e27e6c9b9c2b5cebbc86bcc5dca9d2963640635c430e

  • SSDEEP

    24576:MyJ82V0Qolx1kUrGWT0Nk9wMuE2jipJvxduHHHL9j9lU:7q2m9B0Eu/qduHL9H

Malware Config

Extracted

Family

redline

Botnet

rouch

C2

193.56.146.11:4162

Attributes

  • auth_value

    1b1735bcfc122c708eae27ca352568de

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks