General

  • Target: c7565858c9ae1128dd4fbbfc4f7c818d26e6753cb66d5280d81172f113e7f5a7
  • Size: 662KB
  • Sample: 241109-fjyxwsyakg
  • MD5: 0a56cbf7b546ff6671681c2c049eb1ef
  • SHA1: 5789407c58b3193d5ed558e348a22e8480407a33
  • SHA256: c7565858c9ae1128dd4fbbfc4f7c818d26e6753cb66d5280d81172f113e7f5a7
  • SHA512: 52b07df5ca7bc8b926349085fe6397694ed197e9664c20a96d369a23d3ffc10025da9424f4130427311b0d8fe73c99218c9bbf495a624710c36b0bcef71ab5af
  • SSDEEP: 12288:eMryy90WNhn5nfN7gqofeuT9Zz/ja5eT2RcjG33BaB6M2qTIwGr/kkwy9:YyLNR5fNJOeuT99/ZTl9B6M2qT5w6m

Malware Config

Extracted

Family: redline
Botnet: rosn
C2: 176.113.115.145:4125

Attributes
  • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target: c7565858c9ae1128dd4fbbfc4f7c818d26e6753cb66d5280d81172f113e7f5a7
    • Size: 662KB
    • MD5: 0a56cbf7b546ff6671681c2c049eb1ef
    • SHA1: 5789407c58b3193d5ed558e348a22e8480407a33
    • SHA256: c7565858c9ae1128dd4fbbfc4f7c818d26e6753cb66d5280d81172f113e7f5a7
    • SHA512: 52b07df5ca7bc8b926349085fe6397694ed197e9664c20a96d369a23d3ffc10025da9424f4130427311b0d8fe73c99218c9bbf495a624710c36b0bcef71ab5af
    • SSDEEP: 12288:eMryy90WNhn5nfN7gqofeuT9Zz/ja5eT2RcjG33BaB6M2qTIwGr/kkwy9:YyLNR5fNJOeuT99/ZTl9B6M2qT5w6m

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks