General

  • Target

    d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182

  • Size

    658KB

  • Sample

    241109-fl3nvs1kfr

  • MD5

    83ceff8cf792e8368babadbae36241fd

  • SHA1

    dd2732f93e9979521ae028227af265dce7b84c99

  • SHA256

    d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182

  • SHA512

    d4205044cd777fcac2b3b62bc69b4bdc3ba55b9986d18934cbea4549f6e702ad65c5c4aa7af512e4787a07a8258174a6d709acc045dbb02ee6a499ae7fdd418d

  • SSDEEP

    12288:7Mriy90Bq175vC7xsLEJq9ohUPPkC1Qic+jpH0s9R5gMeCixLLVx:lyeq175vsxsLY6eiXtz5/eCiNP

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes

  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Targets

    • Target

      d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182

    • Size

      658KB

    • MD5

      83ceff8cf792e8368babadbae36241fd

    • SHA1

      dd2732f93e9979521ae028227af265dce7b84c99

    • SHA256

      d6df524e62a297ea2eb33b65c96646b74bea46cd114f36d727c8aff8bff54182

    • SHA512

      d4205044cd777fcac2b3b62bc69b4bdc3ba55b9986d18934cbea4549f6e702ad65c5c4aa7af512e4787a07a8258174a6d709acc045dbb02ee6a499ae7fdd418d

    • SSDEEP

      12288:7Mriy90Bq175vC7xsLEJq9ohUPPkC1Qic+jpH0s9R5gMeCixLLVx:lyeq175vsxsLY6eiXtz5/eCiNP

    • Detects Healer, an antivirus disabler dropper

    • Healer

      Healer, an antivirus disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks