General

  • Target

    f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676

  • Size

    992KB

  • Sample

    241109-fh746sxlfy

  • MD5

    2c0eb133506fd3fb7e2aa5cfb42599a6

  • SHA1

    04ec3b1eeaa3ee21b412ce0b2b5fb9dbc85c5181

  • SHA256

    f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676

  • SHA512

    bc1f39bc0da0d938397a9985695e3aec6478aa08e283240ce90c1f8a2069df44fa0ea267db725df44899fd4d441ff90cdcc3e947e43a73dfea916d684baa832c

  • SSDEEP

    12288:UMrxy90J2P0hQ/2EN7XZsBdL0mK/8C8b5f+WHjhcPKjegoqBHD2tFVHv34SLu0Hn:9yyQ5NIdL0dK+WDhcC6gDIFVASVHFB

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676

    • Size

      992KB

    • MD5

      2c0eb133506fd3fb7e2aa5cfb42599a6

    • SHA1

      04ec3b1eeaa3ee21b412ce0b2b5fb9dbc85c5181

    • SHA256

      f2ebe142c6c2c1251b60bd2256c55350be742fcc09dd24fa524de685609a5676

    • SHA512

      bc1f39bc0da0d938397a9985695e3aec6478aa08e283240ce90c1f8a2069df44fa0ea267db725df44899fd4d441ff90cdcc3e947e43a73dfea916d684baa832c

    • SSDEEP

      12288:UMrxy90J2P0hQ/2EN7XZsBdL0mK/8C8b5f+WHjhcPKjegoqBHD2tFVHv34SLu0Hn:9yyQ5NIdL0dK+WDhcC6gDIFVASVHFB

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks