General

  • Target

    055ccb16952407219c8d52c37b78f9d693f4f768b6d5b7396b016a2e5d27b649

  • Size

    529KB

  • Sample

    241109-f4nmnaydqj

  • MD5

    4a569fd93b7ff7483f66168d08c2b01d

  • SHA1

    29f681d2ca60423f81ba864e75f2576aa8e6b01e

  • SHA256

    055ccb16952407219c8d52c37b78f9d693f4f768b6d5b7396b016a2e5d27b649

  • SHA512

    13045fae800f58e7e6546551396a8077a91d72fe394d486ae2b7759009f26d52b8d4199b929c13c3faecb45a77351fbcdc153746f2c8edeeb237e443eaefc98f

  • SSDEEP

    12288:UMrfy90KKdfOE9Z4SiTmql/nL5rE8YxhMa6pkwXw7:byvKYEeBnL5rE8+Mkuw7

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks