General

  • Target

    aeb6bd1e2e07637b656cce3fc6f56cff1a4f5798d985877cfdd203952a08f045

  • Size

    530KB

  • Sample

    241109-fkvxmayalh

  • MD5

    adbc2600aa6007d7131036a5d41f8fa9

  • SHA1

    4b7c8be503e541a0af3c2de46065deffba80887d

  • SHA256

    aeb6bd1e2e07637b656cce3fc6f56cff1a4f5798d985877cfdd203952a08f045

  • SHA512

    29e549765a65ed4b1a97e78b7a9aa3508ddff0f8b5fb5de56e37c396011574c208f4d786f69e75045fd42742baf3183157c3ad3439831dbec9fdf09bbf3c38dd

  • SSDEEP

    12288:YMroy90HJ5azjWRat08tRHWQZoKQ3Zh8ah+tRU6:gy/aRaC8vov8T3U6

Malware Config

Extracted

Family

redline

Botnet

rosto

C2

hueref.eu:4162

Attributes

  • auth_value

    07d81eba8cad42bbd0ae60042d48eac6
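
The hashes from the General section and the C2 from the extracted RedLine config above, turned into a small IOC-triage script. This is an added example and not part of the sandbox report: it hashes a file and compares the result with the report's MD5/SHA1/SHA256/SHA512, and it scans log lines for the C2 host hueref.eu and port 4162. The log lines and their key=value format are constructed here for illustration; only the digests, host and port come from the report.

```python
"""IOC triage for the sample described above.

Added example, not part of the sandbox report: hashes come from the General
section, the C2 host/port from the extracted RedLine config. The log lines
below are constructed and their format is an assumption.
"""
import hashlib
import re

# Digests of the reported sample (one file, four algorithms).
SAMPLE_HASHES = {
    "md5": "adbc2600aa6007d7131036a5d41f8fa9",
    "sha1": "4b7c8be503e541a0af3c2de46065deffba80887d",
    "sha256": "aeb6bd1e2e07637b656cce3fc6f56cff1a4f5798d985877cfdd203952a08f045",
    "sha512": "29e549765a65ed4b1a97e78b7a9aa3508ddff0f8b5fb5de56e37c396011574c"
              "208f4d786f69e75045fd42742baf3183157c3ad3439831dbec9fdf09bbf3c38dd",
}

# RedLine C2 from the extracted config.
C2_HOST = "hueref.eu"
C2_PORT = 4162


def digest_bytes(data: bytes) -> dict:
    """Return all four digests of data, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def digest_path(path: str, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashers at once (one read per chunk)."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_digests(digests: dict) -> list:
    """Names of the algorithms whose value equals the reported sample's."""
    return [name for name, value in digests.items()
            if value.lower() == SAMPLE_HASHES[name].lower()]


# The C2 host (or a subdomain of it) optionally followed by ":port"; a port
# carried in a separate field is handled in scan_log.
C2_HOST_RE = re.compile(
    r"(?<![\w-])" + re.escape(C2_HOST) + r"(?![\w-])(?::(\d+))?", re.IGNORECASE)
C2_PORT_RE = re.compile(r"\b%d\b" % C2_PORT)


def scan_log(lines) -> list:
    """Return (line_no, port_matched, line) for lines naming the C2 host.

    port_matched is True when the line also carries the C2 port, either as
    host:port or as a separate numeric field. A DNS query for the host alone
    gives False and is still reported: resolution precedes the connect.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        m = C2_HOST_RE.search(line)
        if not m:
            continue
        if m.group(1) is not None:
            port_matched = int(m.group(1)) == C2_PORT
        else:
            port_matched = C2_PORT_RE.search(line) is not None
        hits.append((number, port_matched, line.rstrip()))
    return hits


# Constructed log lines (not from the report) in an assumed key=value format.
SAMPLE_LOG = [
    "2024-11-09T10:01:02Z proxy src=10.0.0.15 dst=hueref.eu:4162 action=CONNECT",
    "2024-11-09T10:01:05Z dns src=10.0.0.15 query=hueref.eu type=A",
    "2024-11-09T10:02:11Z proxy src=10.0.0.22 dst=example.org:443 action=CONNECT",
    "2024-11-09T10:03:40Z fw src=10.0.0.15 dst_host=hueref.eu dport=4162 proto=tcp",
]

if __name__ == "__main__":
    for number, port_matched, line in scan_log(SAMPLE_LOG):
        label = "C2 host+port" if port_matched else "C2 host only"
        print("line %d %s: %s" % (number, label, line))
```

All four digests describe the same 530KB file, so a match on any one of them is a match on the sample; the script reports which algorithms agreed so a mismatch on one (a repacked build, a truncated download) is visible rather than silently passing. The SSDEEP value is deliberately left out: fuzzy matching needs the ssdeep library and a similarity threshold, and is a separate decision from an exact-hash hit.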

Targets

    • Target

      aeb6bd1e2e07637b656cce3fc6f56cff1a4f5798d985877cfdd203952a08f045

    • Size

      530KB

    • MD5

      adbc2600aa6007d7131036a5d41f8fa9

    • SHA1

      4b7c8be503e541a0af3c2de46065deffba80887d

    • SHA256

      aeb6bd1e2e07637b656cce3fc6f56cff1a4f5798d985877cfdd203952a08f045

    • SHA512

      29e549765a65ed4b1a97e78b7a9aa3508ddff0f8b5fb5de56e37c396011574c208f4d786f69e75045fd42742baf3183157c3ad3439831dbec9fdf09bbf3c38dd

    • SSDEEP

      12288:YMroy90HJ5azjWRat08tRHWQZoKQ3Zh8ah+tRU6:gy/aRaC8vov8T3U6

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application
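
The behaviours flagged above (a dropped EXE being executed, Windows Defender real-time protection settings being modified, a Run key being added) written as detection logic over Sysmon-style events. This is an added example, not code from the report or the sandbox. The events are constructed: the file paths, the Run value name and the SID are invented for illustration, while the registry locations are the standard Defender policy key and the Run/RunOnce keys.

```python
"""Behavioural detection for the signatures listed above.

Added example, not part of the sandbox report: three rules run over
Sysmon-style events (EventID 1 = process create, 11 = file create,
13 = registry value set). All events below are constructed; paths, the Run
value name and the SID are invented for illustration.
"""
import re

# Autostart value written under a Run or RunOnce key in any hive.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$",
    re.IGNORECASE)
# Defender real-time protection policy values, e.g. DisableRealtimeMonitoring.
DEFENDER_RT_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\(Disable\w+)$", re.IGNORECASE)
# Sysmon renders a DWORD as "DWORD (0x00000001)"; only a value of 1 disables.
DWORD_ONE_RE = re.compile(r"DWORD \(0x0*1\)", re.IGNORECASE)


def detect(events):
    """Return (signature, image, detail) findings in event order.

    'Executes dropped EXE' correlates a FileCreate of an .exe with a later
    ProcessCreate whose Image is that file, so events must be time-ordered.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 11:
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped.add(target.lower())
        elif eid == 1:
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", image,
                                 ev.get("ParentImage", "")))
        elif eid == 13:
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            m = DEFENDER_RT_RE.search(target)
            if m and DWORD_ONE_RE.search(details):
                findings.append((
                    "Modifies Windows Defender Real-time Protection settings",
                    image, m.group(1)))
            elif RUN_KEY_RE.search(target):
                findings.append(("Adds Run key to start application",
                                 image, details))
    return findings


# Constructed Sysmon-style events (not from the report), in time order.
INITIAL = r"C:\Users\victim\Downloads\sample.exe"
DROPPED = r"C:\Users\victim\AppData\Local\Temp\dropped.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": INITIAL, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": INITIAL, "TargetFilename": DROPPED},
    {"EventID": 1, "Image": DROPPED, "ParentImage": INITIAL},
    {"EventID": 13, "Image": DROPPED,
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": INITIAL,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\victim\AppData\Roaming\updater.exe"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                     r"\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
]

if __name__ == "__main__":
    for signature, image, detail in detect(SAMPLE_EVENTS):
        print("%s | %s | %s" % (signature, image, detail))
```

The Run-key rule is intentionally broad and will also fire on legitimate writes such as the last constructed event; the writing Image is returned with each finding so that triage can weigh a write from a freshly dropped executable in a user's Temp directory differently from one by a system binary. The Defender rule only fires when the value is set to 1, since a write of 0 re-enables protection.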

MITRE ATT&CK Enterprise v15
