General

  • Target: ba433b5999b683001205825fd41ef65c32f8b8e90f4d2ee62385c6b50c2ed209
  • Size: 690KB
  • Sample: 241109-f3q2dsydle
  • MD5: a2aae0b671b1bc782097483a7fc32065
  • SHA1: 7ab9f5c1ddb8df8abf3272df9884e960d14c655e
  • SHA256: ba433b5999b683001205825fd41ef65c32f8b8e90f4d2ee62385c6b50c2ed209
  • SHA512: 29f2819ee939918c39741ef036e3deb2c12562b5de88260e41e998d01e9b9278c99213eba10ebc20705ded4c79931e7d6ac2e929911581f19bcc0e176fed725f
  • SSDEEP: 12288:wMrqy90AG4U9/biS46GfIyK65hLu7UXyxLuXd2D+vdFLlfigs/28pbDVdQ4:KyPyiSBGx5fa7UXS0cD+vLlagDkbD3b

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper
    • Healer: Healer is an antivirus disabler dropper.
    • Healer family
    • Modifies Windows Defender Real-time Protection settings
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • RedLine family
    • Executes dropped EXE
    • Windows security modification
    • Adds Run key to start application
