General

  • Target

    41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0

  • Size

    548KB

  • Sample

    241109-fjgzdaxlf1

  • MD5

    8b7d837af59f35ff6469f1482b68abfa

  • SHA1

    ec53f1ae365bde65e4985be2a6041fd6510232a5

  • SHA256

    41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0

  • SHA512

    9da6009699518140088332c200682ca137ce2caded4dd44a7e7d1239dfa668e8462d39a0848be6e84482475a51f1a83a33839a4e6ec1f9932ab39728a96e3f3c

  • SSDEEP

    12288:YMrry904Dxsiu5kvZcpoVDXhRd0y14qc4QsEi:Dyt7vZcpGh0XhUEi

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0

    • Size

      548KB

    • MD5

      8b7d837af59f35ff6469f1482b68abfa

    • SHA1

      ec53f1ae365bde65e4985be2a6041fd6510232a5

    • SHA256

      41427134d4a9b59430833fdbdbfd7d3c146124d1729d192d82c7d4260413b1e0

    • SHA512

      9da6009699518140088332c200682ca137ce2caded4dd44a7e7d1239dfa668e8462d39a0848be6e84482475a51f1a83a33839a4e6ec1f9932ab39728a96e3f3c

    • SSDEEP

      12288:YMrry904Dxsiu5kvZcpoVDXhRd0y14qc4QsEi:Dyt7vZcpGh0XhUEi

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks