General

  • Target

    ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08

  • Size

    689KB

  • Sample

    241109-fk6n5a1kej

  • MD5

    04ce68cf8fec1c105d4d2f658c6cdbed

  • SHA1

    3f168b1199f7c39b685cd9182ef3fe08d1ed445f

  • SHA256

    ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08

  • SHA512

    15226ae3435380b8873719bd823d29b13700a02e0f30d8b5e02a357b1e6ca0867bb9ef53b796e4e9f1e52494b5b23243625e698ccb12ad1ef1617ce2ef1a4244

  • SSDEEP

    12288:bMrEy90LQZci9tc0k68eMnj0VtC+iqI6EAHYrBHaZpR1Zh8scP82OmmLm:jy0QNKF68lnwbC+hI6lIBHa5bhU9

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4
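The extracted configuration above gives the one network indicator worth hunting for immediately: the C2 endpoint 176.113.115.145:4125. The Python below, an added example that is not part of the sandbox report, turns that endpoint into a matcher and runs it over a handful of Zeek-style connection records constructed here for illustration. It also reports "ip-only" hits (same host, different destination port), since a stealer operator can re-point the port while keeping the host, and a practitioner triaging flows usually wants those flagged at lower confidence rather than dropped.

```python
import ipaddress
from typing import NamedTuple

# Values taken from the report's "Malware Config" section.
C2_ENDPOINTS = {"176.113.115.145:4125"}
BOTNET_ID = "rosn"

# Constructed Zeek-conn-like records for this example (ts src sport dst dport proto);
# they are not traffic captured from the sample.
SAMPLE_CONN_LOG = """\
1731130001.123 10.0.0.15 51044 176.113.115.145 4125 tcp
1731130002.456 10.0.0.15 51045 142.250.74.78 443 tcp
1731130003.789 10.0.0.22 51102 176.113.115.145 4132 tcp
1731130004.012 10.0.0.15 51050 176.113.115.145 4125 tcp
1731130005.345 10.0.0.31 51200 8.8.8.8 53 udp
"""


class Hit(NamedTuple):
    line_no: int
    src: str
    dst: str
    dport: int
    match: str  # "exact" = host and port match; "ip-only" = host matches, port differs


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split 'host:port' and validate that host is a literal IP (the report gives a bare IPv4)."""
    host, port = endpoint.rsplit(":", 1)
    ipaddress.ip_address(host)  # raises ValueError if someone pastes a hostname here
    return host, int(port)


def scan_conn_log(text: str, endpoints=C2_ENDPOINTS) -> list[Hit]:
    """Return every record whose destination matches a C2 endpoint exactly or by host only."""
    c2 = {parse_c2(e) for e in endpoints}
    c2_hosts = {host for host, _ in c2}
    hits: list[Hit] = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 6:
            continue  # skip blank or truncated records
        _, src, _, dst, dport, _ = parts[:6]
        dport = int(dport)
        if (dst, dport) in c2:
            hits.append(Hit(n, src, dst, dport, "exact"))
        elif dst in c2_hosts:
            hits.append(Hit(n, src, dst, dport, "ip-only"))
    return hits


if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG):
        print(f"line {hit.line_no}: {hit.src} -> {hit.dst}:{hit.dport} [{hit.match}] botnet={BOTNET_ID}")
```

Exact hits are the ones to act on; the ip-only hit is a prompt to look at the host more closely, not a confirmed infection on its own.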

Targets

    • Target

      ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08

    • Size

      689KB

    • MD5

      04ce68cf8fec1c105d4d2f658c6cdbed

    • SHA1

      3f168b1199f7c39b685cd9182ef3fe08d1ed445f

    • SHA256

      ab2ce9c7d0c0db0c6292b899f436e0eb79163e043b497c636055651f25dfed08

    • SHA512

      15226ae3435380b8873719bd823d29b13700a02e0f30d8b5e02a357b1e6ca0867bb9ef53b796e4e9f1e52494b5b23243625e698ccb12ad1ef1617ce2ef1a4244

    • SSDEEP

      12288:bMrEy90LQZci9tc0k68eMnj0VtC+iqI6EAHYrBHaZpR1Zh8scP82OmmLm:jy0QNKF68lnwbC+hI6lIBHa5bhU9

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
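Two of the behaviours listed above, disabling Windows Defender real-time protection and adding a Run key, are visible as registry writes on a host with Sysmon registry logging enabled. The Python below is an added example, not the sandbox's own signature logic; it runs two simple rules over Sysmon Event ID 13 (registry value set) records constructed here for illustration, and then correlates them so that a single process doing both (the Healer-plus-RedLine pairing this report shows) stands out. The report names only the behaviours, not the exact keys the sample wrote, so the key paths below are the standard Defender policy and Run key locations, not values taken from the report.

```python
import re
from collections import defaultdict

# Standard locations: HKLM\...\Policies\Microsoft\Windows Defender\Real-Time Protection\Disable*
# (the policy override Healer-style droppers set) and ...\CurrentVersion\Run[Once]\<name>.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.IGNORECASE)
DEFENDER_RT_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.IGNORECASE)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-fA-F]{8})\)")

# Constructed Sysmon Event ID 13 records (a real SID and image paths are made up for this example).
SID = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\a.exe",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\user\AppData\Local\Temp\a.exe"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\a.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    # Defender itself writing 0 (protection enabled) must not fire.
    {"EventID": 13, "Image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
    # Unrelated CurrentVersion write, not under Run.
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": SID + r"\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def dword_value(details: str):
    """Parse Sysmon's 'DWORD (0x........)' rendering; None for non-DWORD data."""
    m = DWORD_RE.fullmatch(details.strip())
    return int(m.group(1), 16) if m else None


def detect(events) -> list[tuple[str, str, str]]:
    """Return (rule, image, target_object) for each matching registry write."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev["TargetObject"]
        if RUN_KEY_RE.search(target):
            alerts.append(("run_key_persistence", ev["Image"], target))
        m = DEFENDER_RT_RE.search(target)
        # Only a non-zero Disable* value actually turns protection off.
        if m and dword_value(ev["Details"]) not in (None, 0):
            alerts.append(("defender_rt_disabled", ev["Image"], target))
    return alerts


def correlate(alerts) -> list[str]:
    """Images that both disabled real-time protection and installed Run-key persistence."""
    by_image = defaultdict(set)
    for rule, image, _ in alerts:
        by_image[image].add(rule)
    wanted = {"run_key_persistence", "defender_rt_disabled"}
    return sorted(img for img, rules in by_image.items() if wanted <= rules)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for rule, image, target in found:
        print(f"{rule}: {image} -> {target}")
    print("high-confidence:", correlate(found))
```

The Run-key rule on its own is noisy on a normal fleet (installers and updaters write there legitimately); the value of the correlation step is that a process which also flips a Defender Disable* policy to a non-zero value is rarely benign. Sysmon only records keys its configuration includes, so confirm both paths are covered before relying on this.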

MITRE ATT&CK Enterprise v15

Tasks