General

  • Target

    59dcf2e909de2c166eae7ac6d54c4a0b35ea1e105d3c8131bf9747cfe405eecd

  • Size

    659KB

  • Sample

    241109-f3lfxaxqas

  • MD5

    820eceeff5b15fba7b267e1a5d54a1e0

  • SHA1

    322a5b8a3f5d1383f8fd9557186c7c9b124533fa

  • SHA256

    59dcf2e909de2c166eae7ac6d54c4a0b35ea1e105d3c8131bf9747cfe405eecd

  • SHA512

    51658f3dba350ace6bd411ea46f554602b74dc1350cbaffdd8b6c64a38c74236295c6938501b76c9a2eb5e9fc8906ac314c7ccdfec9bedc531e92487e9c295a2

  • SSDEEP

    12288:SMriy90hS17R8bVjzSr3ceyUxmkCj6W7n4mM1nWS2d4w+sD:8y97RIdSLc8mkZWD4xW5tD

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks