General

  • Target

    56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08

  • Size

    660KB

  • Sample

    241109-fkxffsyama

  • MD5

    81e5a6906aff4ffd0ea84ee9fede4811

  • SHA1

    ced02478ca38e2d8e8fc1f286890f91f5a8dd47e

  • SHA256

    56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08

  • SHA512

    85c19d8fe005b89b7687a3cf90dac77756e6ddcc2042c88558afcba272933bb5842b43973539e5794e91661d2fdca4b957824501124edc48276a1c1ae738a009

  • SSDEEP

    12288:WMr8y90lzrTkHP0RQ7bJWhmaMFlUDZSOfT1El6C+8:eyePkHPoQ7bJWhmaglOfOsC+8

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08

    • Size

      660KB

    • MD5

      81e5a6906aff4ffd0ea84ee9fede4811

    • SHA1

      ced02478ca38e2d8e8fc1f286890f91f5a8dd47e

    • SHA256

      56f8d2dda3cd88348127095ef33b0d4760faf55e4e0b51f4c327a439d18f6b08

    • SHA512

      85c19d8fe005b89b7687a3cf90dac77756e6ddcc2042c88558afcba272933bb5842b43973539e5794e91661d2fdca4b957824501124edc48276a1c1ae738a009

    • SSDEEP

      12288:WMr8y90lzrTkHP0RQ7bJWhmaMFlUDZSOfT1El6C+8:eyePkHPoQ7bJWhmaglOfOsC+8

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks