General

  • Target

    9645b82809bb8faf18a8ed1bcba99b2a2770469303c7a0fe1d96dbe9c57dfb5c

  • Size

    538KB

  • Sample

    241109-fj2zjsyalm

  • MD5

    c91f0754e55e27babc2d972a2f2546de

  • SHA1

    ba9658b2891f0b33e429259cc0bfabfc018e6332

  • SHA256

    9645b82809bb8faf18a8ed1bcba99b2a2770469303c7a0fe1d96dbe9c57dfb5c

  • SHA512

    cca6f08a6f0dd5ad95ecb22d881a6721567ab42d5a5ca42142ede8750f8135c040d0c34da2f66c0b620cf8a081e6999fda7be686b3e964d6e70a58eabe766c78

  • SSDEEP

    12288:VMr3y90TqD+V2tguv5kAAoyEgTaSwjPNGsRTD9/db3yfL:Ky+VeJhk9obgTaScPN/RX9Fbu

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rosto

  • C2

    hueref.eu:4162

  • Attributes

    auth_value: 07d81eba8cad42bbd0ae60042d48eac6

Targets

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks